CentOS 5 :: Samba And Active Directory
Feb 9, 2010
I have a freshly installed CentOS 5.4 box which I'm trying to get AD authentication working on. I have AD authentication via kerberos working for SSH, but when I try and have it work for SMB shares I'm getting an access denied error. What's even more odd is that when I tell pam to use winbind to authenticate SSH...it works just fine. Wbinfo -a username%password authenticates fine and getent passwd and group enumerates the AD users and groups ok. My smbd.log was throwing the following error "Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE" but has since stopped for some reason, but googling this indicated I needed re-join the machine to the domain, which I have.
View 3 Replies
ADVERTISEMENT
May 19, 2011
My all production PC r running under ADC windows2008 server. Recently I implement a file server in CentOS 5. Now I want to integrate Samba (File sharing) using Active Directory so that all access permission to file server comes from AD's permission.
View 2 Replies
View Related
Dec 18, 2010
I have ubuntu server 9.04 installed on my computer and I am trying to make a Domain Server. I have made sure that there are no problems in the configuration file. When I go to join the domain in windows 7 it tells me that it cannot find the Active Directory server.
View 2 Replies
View Related
Jul 20, 2010
I am the IT Manager at a research facility. We have a fairly unique network configuration in order to support all of the different projects we have going on. We have Red Hat, Ubuntu, Windows XP/Vista/7, Windows Servers 2003, Ubuntu servers, Red Hat servers, and even a few Netgear ReadyNAS and Buffalo Terastations. Over the last few years, I have been migrating all of my users and accounts to a single ACL list, which I chose to be a Windows AD 2003 server. 95% of my users work on Windows platforms and just use ssh tunnels to develop on our linux boxes.
However, i ran in to a problem with our Linux boxes not being able to symbolic link on my Windows 2003 file shares. Of course, this is a problem with Windows not supporting symbolic links. I know 2008 does support this feature, but given the economy and the budget restraints, we cannot afford to purchase the updates we would need, so now I am moving all of my shares to a Ubuntu 10.04 server using Samba. I have joined the server to my AD domain successfully, i can login using my AD credentials, and even assign ownership and group permissions using AD users/groups.
Here is my question.
I would like to keep the AD permission schemes intact. I have several shares that contain folders that have individual permission settings. For example, I have a /shared directory that contains about 50 different folders. Some of these folders I allow my users to write data to, some just read, and others I deny access to complete groups and just allow key groups to access (for example, personnel data should only be accessed by the Administrative staff).
Is there a way to make this work?
I can assign uid and gid manually per folder in Samba, but i would like to have the possibility to add multiple users and groups with permissions to folders, which I do not believe can be done with the standard chown commands. Currently, I can see the folder permissions from my Windows box, but when I try to edit the permission settings, it defaults back to full access. So my AD permissions are not being saved.
View 9 Replies
View Related
Feb 24, 2011
I'm having a problem with Active Directory and Share permissions that I cant seem to figure out. I used likewise-open to join my ubuntu server to a windows 2008 domain. Everything seems to be working fine. The problem is, the only way I can access the shares is if I CHMOD 777 the share directory. If I CHMOD 770, the Domain owner or Domain group member of the directory cant access the directory. Also, when creating a folder within the share, I need to set the directory mask as 777 in order to enter those sub folders.
Heres the share section from my smb.conf
Code:
[public]
comment = Ubuntu File Server Share
path = /srv/samba/public
browseable = yes
[Code]...
View 1 Replies
View Related
Oct 13, 2010
I've been banging my head on this for a week... I finally got AD login working, but I can't get cached logins working. I installed SADMS, let it configure everything, and though I can now login, I still cannot login as my AD username when my machine is not connected to the AD network. I need to be able to login at home, connect to the VPN (if I can ever get that working), then sign on to services at work using my AD username.
Also, I cannot login to local accounts when the system is not connected to the AD network. Plus, home drive mapping is not working, our shares are \FILESERVERuseruser[I]username[I] so this does not work. UPDATE: I installed likewise-open, and now I can't login unless I use the full domain name when logging in via ssh, but I cannot login on the desktop, which is not what I want, now my username doesn't match the previous UID mapping, and my home directory is mapped to /home/likewise-open/DOMAIN/user, instead of /home/DOMAIN/user, like it was before.
View 9 Replies
View Related
Jul 22, 2010
We have a couple of Windows file servers that just share files. It is all they do. We'd like to use Ubuntu on two replacement servers allowing Windows XP and Windows 7 clients to access the files. Our network is active directory based due to Exchange and homegrown .NET apps, so it is important that active directory is used to authenticate the clients. Samba doesn't need to be a pdc or bdc, but provide pass through authentication.I understand that Samba can communicate with active directory through security-ads and security-domain.
Here are my questions to see if I should proceed:1) Folder permissions:If we move all our files to the Ubuntu server how do we set folder permissions and will we see the active directory accounts when we do this?2) Skipping ubuntu accounts: I know the domain and ads allow you to skip creating ubuntu accounts, right? If not, how do you keep the passwords synchronized?3) Easiest way? Is there a very easy way to pull this off that I've missed? My goal is to eliminate the Windows based file servers while ensuring the admin part of it is as easy as possible.To date I've been able to get the sharing to work with an ubuntu account mirroring the active directory account. I've been able to get Samba to talk to the pdc, but not successfully through domain security. ADS security was a complete cluster with winbindd
View 3 Replies
View Related
May 6, 2009
My boss has commissioned me with creating a new file server to replace a M$ server that is installed now. We want to go with Linux for many reasons, but one big thing we want to be able to do is still manage permissions using M$ type permissions from our XP desktop's rather than unix style permissions. How would this be accomplished on a CentOS box?
View 1 Replies
View Related
Jan 4, 2011
How can the linux boxes authenticate from Windows Active Directory ? The Apache should also authenticate from Windows Active Directory ?
View 3 Replies
View Related
Apr 15, 2009
I've configured kerberos authentication on my centos 5.2 box. When I kinit with a username in AD and not on the centos box, I get a TGT. However, I cannot log into the centos box as any of the AD users. This is probably a stupid question but do I also need to create the account's on the centos box that I have in AD? If so, does that mean i can then use pam to authenticate users on my cyrus imap process running on the centos box?
View 2 Replies
View Related
Aug 19, 2009
I've been looking for alternatives to Active Directory with Centos mainly SAMBA and OpenLDAP. I have worked with SAMBA and I know I can create a PDC and make clients join a domain but how about enforcing Group Policy?... is this possible with SAMBA or OpenLDAP/LDAP?
View 2 Replies
View Related
Nov 4, 2009
I would prefer to use a linux server for authentication but I will need the same configuration features.I have been looking for a good guide to setting up CentOS as an alternative to Active Directory, but have not found one yet.The features I want to see.
1. works with Windows clients.
2. Network Home folders (does not neessisarly need to hold profile information)
3. Logon scripts for clients.
4. shared printers
5. shared folders.
6. can log linux boxes in with the same credentials and logon scripts.
View 3 Replies
View Related
Aug 13, 2011
okay so we have multiple servers running CentOS and multiple people who need access to these machines for various tasks. i would like to be able to use the credentials from Active Directory (running on server 2008) to give them access to these servers without having to go through each server and add these people into permission groups. basically a single sign-on for all of these servers depending upon what permissions were granted in Active Directory. how do i go about doing this?
View 1 Replies
View Related
Apr 22, 2009
First, I'm extremely green with linux. I'm trying to configure my CentOS 5.2 box to authenticate my SSH users with my Active Directory. What would be the best way to go about doing that? I've configured Winbind and joined it the the domain but I'm not able to login locally or SSH with an AD account. I'm not sure where to go from here. Also my users will not be accessing any file shares on this box, SSH only.
View 1 Replies
View Related
Jul 29, 2009
I was working to integrate Centos 5 and AD 2003 R2, this is my set up Windows side:
1. Install Identity Management for Unix, (Windows R2 already includes the Unix attribute not entirely necessary to install IMU, but it makes easier to configure the attributes from ADUC, when IMU is installed the Unix attributes TAB is shown in the user properties)
2. Configure the Unix attributes for every user account that will be authenticating from centos.
3. Create an user account to be used as a proxy for ldap, a regular user would be enough. Password never expires.
4. Create a computer account for every centos host; assign this computer account as pre-windows 2000 account.
5. Assign a value of 4128 to the user account control property for the computer account.
[Code]...
View 1 Replies
View Related
May 21, 2010
I have just installed the 32bit and 64bit versions of CentOS 5.5 and was wondering how I can add these machines to Active Directory for authentication. I've done this in the past with CentOS 5.4 using the GUI and everything worked just fine but now need to do everything from the command line.
View 1 Replies
View Related
Jun 22, 2010
I am testing CentOS 5.4 on a virtual machine before deploying to a server.I am trying to get authentication through our Active Directory server, without actually joining the machine to the domain.I tried multiple tutorials, including this one: URL...Basically I enabled authentication through kerberos and modified my ldap.conf file.
View 1 Replies
View Related
Mar 22, 2009
Attach a Fedora/RHEL/CentOS system to an Active Directory DomainBelow is a step by step outline of how to configure a Linux Samba fileserver to use an Active Directory domain for authentication and authorization in place of flat files. Note that this configuration has been replicated using Fedora 10, RHEL 5.3 and CentOS 5 since they all more or less share the same code base.me of the example server in this document is erver1.domain.forest.org, substitute correctly where appropriate. At the very least following packages must also be installed:
sambasamba-commonsamba-clientkrb5-workstationopenldap-clientsIt would be prudent to understand the underlying concepts of how Kerberos and Samba work prior to deploying this type of server. I find that SE-Linux will interfere with Samba services, particularly with winbind. I usually set SE-Linux to be in a permissive mode. It is possible to update the SE-Linux policies but that is outside the scope of this document, i.e you're on your own. In some cases I turned SE-Linux off since it was causing winbind to stop responding.
1. Set NTP to use the correct server for your Active Directory domain:shell> system-config-timeSet the primary NTP server to be your domain/forest NTP server2. Make backups of and edit the following system configuration files:a. shell> cp /etc/resolv.conf /etc/resolv.conf.bakb. shell> vi /etc/resolv.conf
nameserver dns_server1_ip_address
nameserver dns_server2_ip_address
search domain.forest.org
View 10 Replies
View Related
May 13, 2010
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
View 9 Replies
View Related
Jul 22, 2009
I've to make a Windows 2000 share on my Server Linux CentOS 5.1 with all the updates installed with yum. I've a directory on a Windows 2000 that contains some images for a catalogue. I have my internet site on CentOS 5.1 with a Apache - Mysql - PHP web server. I have to mount my directory on a share in /mnt/catalogueimages and made a symbolic link from my /var/www/html/mysite/catimages to this samba share.
This is what I do following your guide a this link: [URL]
I have placed in my /etc/fstab this line:
//SERVER/C/Catalogue /mnt/catalogueimages cifs user,username=Administrator,password=,uid=apache,gid=apache 0 0
My Windows 2000 server have no password.
After that I made the symbolic link:
ln -s /mnt/catalogueimages /var/www/html/mysite/catimages
All it's OK.
The problem is that I can't see the images via browser. I have tried also to put some images in the directory /mnt/catalogueimages, deleting the mount point, in order to see if the problem was in apache: the images are visible via browser. Why I don't reach to see the images mounted with samba?
View 9 Replies
View Related
May 3, 2010
I've been trying to find a single set of instructions that define how to configure Fedora 12 to authenticate using Active directory without 100 steps (plus or minus) but difficult at best. I have about 12 Fedora 12 servers running as stand alone servers in a Windows 2003 network.
Can someone point me to a great set of instructions that can easily be replicated across multiple servers and a few workstations?
View 6 Replies
View Related
Nov 16, 2010
I have set my Ubuntu 10.04 box with our Windows domain. I can see from "net ads info" that I am on the domain. I can also get the password and group info with getent.So far so good. But I have tried to configure pam basically by following this guide:http://www.ccs.neu.edu/home/battista...nbind/pam.html
Yet when I try to su or login as an AD user I just get and immediate "Unknown id: <userid>".I have had a look at /var/log/auth.log and there are no errors there.Can anyone provide some tips on debugging the pam configuration?
View 1 Replies
View Related
Jun 17, 2011
I'm actually a software developer, develop exclusively on Linux, and do know how to go about taking care of a Linux distro, so don't start telling me that 'sudo' isn't a sushi roll...
Question... I want to implement an Active Directory like authentication in a Linux-only environment. My office has approximately 15-25 local desktop PCs all running Ubuntu 10+ and one Ftp & SVN server running Ubuntu 10+.
Each developer has his/her own personal local account on his PC, and the shared PCs have different, local accounts for those developers. The FTP server has ONE (!!) account that everybody uses to access it, as does SVN.
The big picture is that I would like to install & configure a VPN server for remote developers. Before doing that, I'd like to find a way to unify the users across the network so that there exists only one UserX in the network.
View 4 Replies
View Related
Jul 18, 2010
I want to integrate the postfix with active directory that postfix can get the user information from active directory.
View 10 Replies
View Related
Oct 23, 2010
I have AD DS installed on Windows Server 2008 R2. Also, I've got SLES 10.3 as NFSv4 server, which will allow remote users to mount their /home partitions. What I need, is NFSv4 w/Kerberos. As AD server already has integrated Kerberos server, I need SLES to authenticate in it.Everything works good, but when it comes to svcgssd service activation, I receive an error.Here's the log:
/usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No principal in keytab matches desired name
[code]....
View 1 Replies
View Related
Jul 9, 2010
I want to update all the machines in the network from a central repository which is on my master server and whose archive directory is shared through samba.I searched in the man page of sources.list and found that there is an option for this but can't able to implement this. Can anybody kindly tell me the way to do the same.
View 1 Replies
View Related
Jun 7, 2011
I have tried using likewise but I came across this yesterday. When you install Likewise only on a Linux, Unix, or Mac computer and not on Active Directory, you cannot associate a Likewise cell with an organizational unit, and thus you have no way to define a home directory shell in Active Directory for users who log on the computer with their domain credentials. I am trying to pull attributes from acitve directory.. namely the homeDirectory
View 1 Replies
View Related
Mar 10, 2011
I've joined my box to an AD domain and set it to allow user logins via AD. In 11.2 I could choose my domain vs local login when X started up, in 11.4 I can not find that ability.
View 3 Replies
View Related
Mar 2, 2010
I am using openSUSE 11.2 with active directory for authentication. I configured it using the Window Domain Membership YaST2 module and I can login successfully (although unreliably). The problem is that I need the UID and GID of the users on my computer to match the UID and GID assigned by Active Directory. Currently it just assigns UIDs and GIDs starting at 10000, which is completely different than the UID and GID used by Active Directory and by other Linux computer runs by the school (those use CentOS). Does anyone know how to get my openSUSE computer to assign UIDs and GIDs from Active Directory?
View 3 Replies
View Related
Feb 24, 2010
I am running the Ubuntu Netbook Remix and setting up our systems for Active Directory Domain Authentication. When I am hard wired in (ethernet), AD authentication works with no problems using the Likewise-Open software (installed through Ubuntu Software Center). What I want to be able to do is have people authenticate with AD with only a wireless connection. Has anybody done this before?
View 1 Replies
View Related
