My boss has commissioned me with creating a new file server to replace a M$ server that is installed now. We want to go with Linux for many reasons, but one big thing we want to be able to do is still manage permissions using M$ type permissions from our XP desktop's rather than unix style permissions. How would this be accomplished on a CentOS box?
View 1 RepliesI am the IT Manager at a research facility. We have a fairly unique network configuration in order to support all of the different projects we have going on. We have Red Hat, Ubuntu, Windows XP/Vista/7, Windows Servers 2003, Ubuntu servers, Red Hat servers, and even a few Netgear ReadyNAS and Buffalo Terastations. Over the last few years, I have been migrating all of my users and accounts to a single ACL list, which I chose to be a Windows AD 2003 server. 95% of my users work on Windows platforms and just use ssh tunnels to develop on our linux boxes.
However, i ran in to a problem with our Linux boxes not being able to symbolic link on my Windows 2003 file shares. Of course, this is a problem with Windows not supporting symbolic links. I know 2008 does support this feature, but given the economy and the budget restraints, we cannot afford to purchase the updates we would need, so now I am moving all of my shares to a Ubuntu 10.04 server using Samba. I have joined the server to my AD domain successfully, i can login using my AD credentials, and even assign ownership and group permissions using AD users/groups.
Here is my question.
I would like to keep the AD permission schemes intact. I have several shares that contain folders that have individual permission settings. For example, I have a /shared directory that contains about 50 different folders. Some of these folders I allow my users to write data to, some just read, and others I deny access to complete groups and just allow key groups to access (for example, personnel data should only be accessed by the Administrative staff).
Is there a way to make this work?
I can assign uid and gid manually per folder in Samba, but i would like to have the possibility to add multiple users and groups with permissions to folders, which I do not believe can be done with the standard chown commands. Currently, I can see the folder permissions from my Windows box, but when I try to edit the permission settings, it defaults back to full access. So my AD permissions are not being saved.
I have a freshly installed CentOS 5.4 box which I'm trying to get AD authentication working on. I have AD authentication via kerberos working for SSH, but when I try and have it work for SMB shares I'm getting an access denied error. What's even more odd is that when I tell pam to use winbind to authenticate SSH...it works just fine. Wbinfo -a username%password authenticates fine and getent passwd and group enumerates the AD users and groups ok. My smbd.log was throwing the following error "Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE" but has since stopped for some reason, but googling this indicated I needed re-join the machine to the domain, which I have.
View 3 Replies View RelatedHow can the linux boxes authenticate from Windows Active Directory ? The Apache should also authenticate from Windows Active Directory ?
View 3 Replies View RelatedI've configured kerberos authentication on my centos 5.2 box. When I kinit with a username in AD and not on the centos box, I get a TGT. However, I cannot log into the centos box as any of the AD users. This is probably a stupid question but do I also need to create the account's on the centos box that I have in AD? If so, does that mean i can then use pam to authenticate users on my cyrus imap process running on the centos box?
View 2 Replies View RelatedI've been looking for alternatives to Active Directory with Centos mainly SAMBA and OpenLDAP. I have worked with SAMBA and I know I can create a PDC and make clients join a domain but how about enforcing Group Policy?... is this possible with SAMBA or OpenLDAP/LDAP?
View 2 Replies View RelatedI would prefer to use a linux server for authentication but I will need the same configuration features.I have been looking for a good guide to setting up CentOS as an alternative to Active Directory, but have not found one yet.The features I want to see.
1. works with Windows clients.
2. Network Home folders (does not neessisarly need to hold profile information)
3. Logon scripts for clients.
4. shared printers
5. shared folders.
6. can log linux boxes in with the same credentials and logon scripts.
okay so we have multiple servers running CentOS and multiple people who need access to these machines for various tasks. i would like to be able to use the credentials from Active Directory (running on server 2008) to give them access to these servers without having to go through each server and add these people into permission groups. basically a single sign-on for all of these servers depending upon what permissions were granted in Active Directory. how do i go about doing this?
View 1 Replies View RelatedFirst, I'm extremely green with linux. I'm trying to configure my CentOS 5.2 box to authenticate my SSH users with my Active Directory. What would be the best way to go about doing that? I've configured Winbind and joined it the the domain but I'm not able to login locally or SSH with an AD account. I'm not sure where to go from here. Also my users will not be accessing any file shares on this box, SSH only.
View 1 Replies View RelatedI was working to integrate Centos 5 and AD 2003 R2, this is my set up Windows side:
1. Install Identity Management for Unix, (Windows R2 already includes the Unix attribute not entirely necessary to install IMU, but it makes easier to configure the attributes from ADUC, when IMU is installed the Unix attributes TAB is shown in the user properties)
2. Configure the Unix attributes for every user account that will be authenticating from centos.
3. Create an user account to be used as a proxy for ldap, a regular user would be enough. Password never expires.
4. Create a computer account for every centos host; assign this computer account as pre-windows 2000 account.
5. Assign a value of 4128 to the user account control property for the computer account.
[Code]...
I have just installed the 32bit and 64bit versions of CentOS 5.5 and was wondering how I can add these machines to Active Directory for authentication. I've done this in the past with CentOS 5.4 using the GUI and everything worked just fine but now need to do everything from the command line.
View 1 Replies View RelatedI am testing CentOS 5.4 on a virtual machine before deploying to a server.I am trying to get authentication through our Active Directory server, without actually joining the machine to the domain.I tried multiple tutorials, including this one: URL...Basically I enabled authentication through kerberos and modified my ldap.conf file.
View 1 Replies View RelatedAttach a Fedora/RHEL/CentOS system to an Active Directory DomainBelow is a step by step outline of how to configure a Linux Samba fileserver to use an Active Directory domain for authentication and authorization in place of flat files. Note that this configuration has been replicated using Fedora 10, RHEL 5.3 and CentOS 5 since they all more or less share the same code base.me of the example server in this document is erver1.domain.forest.org, substitute correctly where appropriate. At the very least following packages must also be installed:
sambasamba-commonsamba-clientkrb5-workstationopenldap-clientsIt would be prudent to understand the underlying concepts of how Kerberos and Samba work prior to deploying this type of server. I find that SE-Linux will interfere with Samba services, particularly with winbind. I usually set SE-Linux to be in a permissive mode. It is possible to update the SE-Linux policies but that is outside the scope of this document, i.e you're on your own. In some cases I turned SE-Linux off since it was causing winbind to stop responding.
1. Set NTP to use the correct server for your Active Directory domain:shell> system-config-timeSet the primary NTP server to be your domain/forest NTP server2. Make backups of and edit the following system configuration files:a. shell> cp /etc/resolv.conf /etc/resolv.conf.bakb. shell> vi /etc/resolv.conf
nameserver dns_server1_ip_address
nameserver dns_server2_ip_address
search domain.forest.org
My all production PC r running under ADC windows2008 server. Recently I implement a file server in CentOS 5. Now I want to integrate Samba (File sharing) using Active Directory so that all access permission to file server comes from AD's permission.
View 2 Replies View RelatedI've been trying to find a single set of instructions that define how to configure Fedora 12 to authenticate using Active directory without 100 steps (plus or minus) but difficult at best. I have about 12 Fedora 12 servers running as stand alone servers in a Windows 2003 network.
Can someone point me to a great set of instructions that can easily be replicated across multiple servers and a few workstations?
I have set my Ubuntu 10.04 box with our Windows domain. I can see from "net ads info" that I am on the domain. I can also get the password and group info with getent.So far so good. But I have tried to configure pam basically by following this guide:http://www.ccs.neu.edu/home/battista...nbind/pam.html
Yet when I try to su or login as an AD user I just get and immediate "Unknown id: <userid>".I have had a look at /var/log/auth.log and there are no errors there.Can anyone provide some tips on debugging the pam configuration?
I'm actually a software developer, develop exclusively on Linux, and do know how to go about taking care of a Linux distro, so don't start telling me that 'sudo' isn't a sushi roll...
Question... I want to implement an Active Directory like authentication in a Linux-only environment. My office has approximately 15-25 local desktop PCs all running Ubuntu 10+ and one Ftp & SVN server running Ubuntu 10+.
Each developer has his/her own personal local account on his PC, and the shared PCs have different, local accounts for those developers. The FTP server has ONE (!!) account that everybody uses to access it, as does SVN.
The big picture is that I would like to install & configure a VPN server for remote developers. Before doing that, I'd like to find a way to unify the users across the network so that there exists only one UserX in the network.
I want to integrate the postfix with active directory that postfix can get the user information from active directory.
View 10 Replies View RelatedI have AD DS installed on Windows Server 2008 R2. Also, I've got SLES 10.3 as NFSv4 server, which will allow remote users to mount their /home partitions. What I need, is NFSv4 w/Kerberos. As AD server already has integrated Kerberos server, I need SLES to authenticate in it.Everything works good, but when it comes to svcgssd service activation, I receive an error.Here's the log:
/usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No principal in keytab matches desired name
[code]....
I have tried using likewise but I came across this yesterday. When you install Likewise only on a Linux, Unix, or Mac computer and not on Active Directory, you cannot associate a Likewise cell with an organizational unit, and thus you have no way to define a home directory shell in Active Directory for users who log on the computer with their domain credentials. I am trying to pull attributes from acitve directory.. namely the homeDirectory
View 1 Replies View RelatedI've joined my box to an AD domain and set it to allow user logins via AD. In 11.2 I could choose my domain vs local login when X started up, in 11.4 I can not find that ability.
View 3 Replies View RelatedI am using openSUSE 11.2 with active directory for authentication. I configured it using the Window Domain Membership YaST2 module and I can login successfully (although unreliably). The problem is that I need the UID and GID of the users on my computer to match the UID and GID assigned by Active Directory. Currently it just assigns UIDs and GIDs starting at 10000, which is completely different than the UID and GID used by Active Directory and by other Linux computer runs by the school (those use CentOS). Does anyone know how to get my openSUSE computer to assign UIDs and GIDs from Active Directory?
View 3 Replies View RelatedI am running the Ubuntu Netbook Remix and setting up our systems for Active Directory Domain Authentication. When I am hard wired in (ethernet), AD authentication works with no problems using the Likewise-Open software (installed through Ubuntu Software Center). What I want to be able to do is have people authenticate with AD with only a wireless connection. Has anybody done this before?
View 1 Replies View RelatedI want to install a FTP server (VSFTPD) on my Redhat Enterprise Linux 5.5 and i want to use Active Directory LDAP (windows server 2008 enterprise) for authentication. I can't add my windows LDAP to FTP server. I try my best but i cant to config it.
View 6 Replies View RelatedI am trying to integrate my centos machine with active directory [Windows Server 2008] using Kerberos and LDAP. I can now successfully SSH to my linux machine as an active directory user. Then it automatically creates home directory for that particular user using the PAM module.
My problem is that i cannot login to GDM using the same active directory account. Should I do some configuration changes for GDM login to take place using an active directory account.?
I have successfully connected (and authenticated the user) from linux (Ubuntu) to Active Directory (windows 2003) using "Likewise Open".
1. at the login screen I have to enter "example.localusername" to login. how can I simplify the login so that the user can choose (click)the domain and just enter the username and password (like the login in windows) or make the domain the default.
2. how can I configure the default user profile? meaning, when the user login for the first time, I want to configure his profile. does it use the "/etc/skel" directory like the regular local login?
What is the The easiest way to authentication Active Directory with opensuse.
View 2 Replies View RelatedBut here is my problem... I have a windows 2003 server mini tower ATX running VMware workstation 7.0 that has a Ubuntu server 32-bit and a Ubuntu desktop; both versions are 10.04. Now, my ubuntu server edition joins active directory just fine, but my ubuntu desktop does not.
Here is my /etc/samba/smb.conf file:
[Global]
workgroup = XXXXDELIGHT
security = ads
realm = XXXXDELIGHT.BIZ
idmap backend = lwopen
[Code]....
The scenario is I have a Windows Server 2003 Domain Controller which runs ADUC. I have created some security groups which I would like to apply to my network shares. The problem is, the majority of my network shares are based on Open Suse machines which, although are part of the domain, when trying to configure the shares using SMB, do not allow me to select the Active Directory groups. Any solution which will allow me to use ADUC security groups?
View 3 Replies View RelatedI have an old Apache version (1.3.11) and an old Redhat release (2.1.12-20 - Cartman)and need to authenticate a Windows 2003 domain. The authentication to an NT domain already works as expected (see below) but unfortunately I am unable to find the correct LDAP module for V1.3.11 to allow authentication.
From what I have read the LDAP module needs to be compiled with Apache but I am really not sure. Unfortunately I am unable to upgrade to Apache2 when I could presumibly use the authnz_ldap_module but if someone could point me to the correct LDAP module for 1.3.11 it .
Ive installed openldap-1.2.9-6 and openldap-devel-1.2.9-6 but don't particulary want to go down configuring LDAP when hopefully I can simply add the LDAP module to Apache which was not compiled in Apache initially.
Also, do I need to specifiy the AD domain password in the directives or can the Windows lads just create any account I can use.