CentOS 5 :: Winbind Auth With PXE Booted Diskless Clients
Apr 29, 2010
In short we are booting Centos 5.4 over PXE to a bunch of diskless clients. Once they are booted - we can login (as local root account) and RDP to windows machines using rdesktop as we require.
The next step of the project is to get user authentication to the Windows Domain controller working for the PXE image.
To do so - we continued with our physical install of Centos 5.4 (used to create the pxe image with rsync as per the wiki page for diskless clients) by following through this page. AD auth works perfect on this box (it has a local HDD install of centos obviously).
Once we rsync'd the changes over to the pxeboot location - and rebooted one of the diskless pxe clients - we get issues.
The issue is that winbind seems to start - however the file "/etc/samba/secrets.tdb" cant be read. We tried removing this file that the PXE clients use and recreating it using
touch /etc/samba/secrets.tdb
View 3 Replies
ADVERTISEMENT
Apr 1, 2010
That is, the thin clients will have to get their OS image via TFTP, and their IP address via DHCP on a *wireless card* - is this possible?What spec should I ask for/search for when buying the WiFi card?
View 1 Replies
View Related
Apr 10, 2010
This is as far as FireFTP can go to make a connection.
Code:
220 Welcome to Steve Test SFTP service.
AUTH TLS
Proceed with negotiation.
PBSZ 0
All the basic vsftpd.conf advice followed:
Code:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
[code]....
View 2 Replies
View Related
Apr 13, 2010
Recently i configured Postfix with Cyrus-Imap and it all worked fine unless i wanted to allow also AD users to use Squirrelmail.Currently AD users are able to logon to ssh server without any problems.
- wbinfo -u & -g is fine
- testsaslauth - passed
- telnet to localhost 143 + a LOGIN user password - passed
- cyradm shows active mailbox for particular user
imap i pam.d:
#%PAM-1.0
auth include system-auth
account include system-auth
View 1 Replies
View Related
Feb 11, 2010
My problem is that I can't setup a diskless environment with CentOS 5.4 (server) and CentOS 3.9 (hosts). On the host, I've recompiled the CentOS 3.9 kernel, with these mods:
- added kernel level IP autoconfiguration;
- added NFS file system support;
- added Root file system on NFS;
- added e1000 driver (the host has a gigabit network card);
Then, I have followed the guide at this link: [URL]
But in my dhcpd.conf I'he put other parameters:
ddns-update-style interim;
allow bootp;
allow booting;
subnet 192.168.195.0 netmask 255.255.255.0 {
range192.168.195.70 192.168.195.90;
option routers192.168.195.254;
option subnet-mask255.255.255.0;
option domain-name"lnf.infn.it";
option domain-name-servers192.168.195.254;
option time-offset-18000; # Eastern Standard Time
default-lease-time21600;
max-lease-time43200;
filename"linux-install/pxelinux.0";
next-server192.168.195.254;
}
host dante79 {
option host-name"dante79";
hardware ethernet00:20:38:01:C3:7C;
fixed-address192.168.195.79;
}
View 8 Replies
View Related
Mar 17, 2009
If I ssh from my laptop (running F10) to the server (centos 5.2) it asks for the password, but everytime I enter the correct password it says incorrect password. when I do the same from the server to my laptop I can get in just fine. I think my passwords are stored as ssha in the LDAP (I tried clear passwords and that dosen't work either).
View 1 Replies
View Related
May 25, 2011
How do I turn winbind authentication off or vsftpd. I keep getting these error messages in the /var/log/ secure:vsftpd: pam_winbind(vsftpd:auth): request failed: No such user, PAM error was User not known to the underlying authentication module (10), NT error was NT_STATUS_NO_SUCH_USER.I already tried remarking out different things in the config files. Is it safe to remark out the winbind stuff in /etc/pam.d/system-auth if we are using the smbclient to connect to a Windows share?Why would you want to to use AD to authenticate users for something simple like FTP is beyond me.I merely want it to authenticate against local system users.
View 3 Replies
View Related
Jul 14, 2009
I have a Samba File Server that can authenticate users in my Windows AD to log into the server. Anyways, I have a good amount of Windows Admins on staff but our org wants to cut budget so our first "slash" as it were is cutting down the actual Windows based File Servers.So my question is, now that I have this test server up and authenticating for logins using Windbind....is there a way I can get system-config-samba to "see" winbind users and groups so that file servers can still be "point and click" for my Windows Admins?
View 3 Replies
View Related
Apr 8, 2010
Centos 5.4 64bit fully updated. What I am doing is vsftpd is setup and nfs shares are mounted to a NAS server which is running openfiler 2.3 fully updated. openfiler is winbind to AD and pulling users and groups over.
I have it confirmed working when a ftp users connects the username/password is authenticated against AD which works. User can login and is directed to the users folder on the nfs share.
Openfiler shows me UID and GID numbers for users and groups, centos also shows me UID and GID but they are different which is causing permissions/quota's to not work right.
Both servers are setup with krb and winbind, openfiler has a more recent version of winbind.
Here is an example...
AD Users are
user UID of 160010 as an example
user1 UID 160011
When user logs into the vsftp server it works and chrooted into the directory for that user. When user uploads files I can upload but the UID in the ftp client shows 1600011 which is user1 UID
logging into windows to that share shows in the security tab that user1 uploaded the files.
Centos is mapping user as 160011
openfiler is mapping user as 160010
windows is showing the user1 in the security tab.
So it appears that centos is not mapping the right numbers to the right users and groups.
If you need details please ask for it and I will provide.
Both configs are nearly a match and I have made small changes to the config files smb.conf but it failed resolve these issues to work so I reverted back. kinit works with authentication, getent works, wbinfo -a and -u works. wbinfo -u user shows different results on both servers, but authentication works user/password and I tried a different password to test.
Is this a known bug or a silly misconfiguration? I had authentication GUI tool configure the winbind stuff so its all fairly standard on the centos machine and the openfiler gui configure winbind configs.
View 2 Replies
View Related
Jan 10, 2011
Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if was anything normal or something I should be worried about...
Code:
View 1 Replies
View Related
Nov 10, 2009
following situation and configuring authentication for Windows users on my CentOS clients please:IHAC WIN2003 R2 Domaincontroller with ALL my users and groups maintained there. For Usermapping (SID to UID/GID) I want to use IMU which is included with WIN2003 R2 srv and extends my Active Directory schema for UID, GID, NIS Domain etc. I want now authenticate my Windows users on my CentOS clients via their "domainnameusername" and passwords on the CentOS clients.
I also have a NAS server which has usermapping integrated and resolves the Windows SID's to the UID/GID's configured within the IMU schema extensions. Now I have no idea to setup my CentOS clients to use winbind, PAM and LDAP (IMU supports LDAP queries for UID/GID resolving) WITHOUT needing any Samaba Server or functionality.
* Do I need to configure the smb.conf file because my usermapping is done on the NAS Server and I want to resolve my Windows Users/Groups UID/GID's from IMU via LDAP?
* Do I (just) need to Join the AD (2003 native) or even using Kerberos with generating ktpass.exe keytab files (what is needed/recommended and what is the difference?) Can I authenticate the users without using Kerberos?
For e.g. my username is "domainuser_a" and within the IMU the UID is set to "12345", I don't want Samba/winbind to do usermapping again based on the configured values in the smb.conf file. Some hints would be really nice for me to understand how exactly it works and what is needed...
View 1 Replies
View Related
Sep 11, 2010
I have setup a Centos5.5 VMWare guest with Samba and Winbind for Active Directory integration, using GUI tools. Authentication works flawlessly, with automatic home directory creation. What I want to achieve now is using local UNIX groups to controll access to shared folders, to avoid bothering AD administrators with groups management. This is my smb.conf global section:
workgroup = COGITANS
password server = domainserver.hq.cogitans.it
realm = HQ.COGITANS.IT
security = ads
[code]....
'finance' is a local UNIX group where I added user 'COGITANSalberto' (I also tried with 'alberto') as a secondary group (primary group is 'domain users' and it cannot be changed). I am sure the user is added, because it is listed in 'getent group'. If I specify user COGITANSalberto in valid users it works, i.e. only that use can access the share, the others get a NT_STATUS_ACCESS_DENIED error. But if I use +finance, access is denied to everybody, and this is the log:
[2010/09/11 14:12:37, 10] smbd/share_access.c:user_ok_token(211)
User COGITANSalberto not in 'valid users'
[2010/09/11 14:12:37, 2] smbd/service.c:make_connection_snum(617)
user 'COGITANSalberto' (from session setup) not permitted to access this share (finance)
[code]....
It seems like winbind cannot recognize finance as a local group. For the same reason, I guess, 'force group = finance' does not work either (files are created with 'domain users' group ownership). My /etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
Grants and ownership on the '/repositories/shared/finance' folder are
root:domain users with permissions 775
View 2 Replies
View Related
Dec 28, 2010
operating system: CentOS 5.5 git version:1.7.3.4 ldap server:OpenLdap Http server:Apache 2.2 the software above have been installed. How to config /etc/httpd/conf.d/gitweb.conf file to let git authed by ldap?
View 2 Replies
View Related
Apr 4, 2010
I have a whitebox server with three network adapters, two gigabit adapters using the intel 82573V chips, and an intel pro/100 adapter based on the 82562 chip. These are embedded on an MSI motherboard. None are passing traffic.I initially booted the box using a Knoppix 5.0.1 CD, and the NICs worked fine. When I installed CentOS 5.4, no joy.Interestingly, Intel recommends the e1000e driver (which I am using), but the Knoppix CD used the e1000 driver. Anyway, I pulled an updated e1000e driver from elrepo,installed it, and verified that it was in use with 'ethtool --driver eth2', and the correct driver/version was displayed.
Symptoms are no traffic passes, rx/tx packet counts in ifconfig are both 0 (no errors, either). Routing table looks fine; three routes: one for 169.x.x.x, 172.16.x.x (my subnet), and one for 0.0.0.0, all destined for eth2, and all up. When I ping 127.0.0.1, and the local adapter address, I get good replies. As soon as I ping a remote host on my subnet, I get 'Destination host unreachable'. Now, at one point, I actually got it to work. I applied a small patch from Intel to change a value in the EEPROM, rebooted as instructed, and the adapter came up and passed traffic. I did a 'yum update' to update my packages, and shortly thereafter, everything stopped working again.
View 6 Replies
View Related
Aug 20, 2010
I am in the process of creating a kickstart configuration file for some RedHat 5.5 and Centos 5.5 servers (Production and test respectively).I have googled about a bit but I cannot find a good list of the bare minimum packages required for a command-line system.If anyone knows how I can trim this list down anymore it would be much appreciated. The aim of this kickstart.cfg is to get the system booted to a bare minimum required to install Chef (Server management software). Chef will then setup Apache, Ruby on rails environment etc.
All this server will need to do is, from a static IP, Host a Ruby on rails app, send emails, send data to a server on the web, accept ssh and occasionally and connect to a SMB/CIFS share This list was taken from the anaconda-ks.cfg file after a RedHat install of what I thought was a pretty minimal system onto a VM but I noticed that cups, the avahi daemonsand gam_server are installed and running which I do not believe are needed for a pure web server.I know that these types of questions are hard to answer without a complete knowledge of the operating environment and what "minimum" is in this case ("@core only? but I wanted yum damnit!")
@admin-tools
@base
@core
[code]....
View 1 Replies
View Related
Mar 12, 2011
I just installed DarwinStreamingServer. All seems normal in admin panel But everytime I try to play the file using QTime player...the play button quickly turn into "Play" again as I push it. Then I try to open it via my nokia phone, I got message "Disconnected" as soon as it connected to the server.
View 1 Replies
View Related
Nov 19, 2009
the start up fails, but a process is left running. these machines are running the latest stable version of Centos 5, and we have been "messing" with the firewall. When I'm logged on through a console, I get error messages that lockd can not contact the server even though the nfs mounted home directories work fine.
View 5 Replies
View Related
Oct 19, 2010
At my work, we have several clients (outside clients) that have an FTP login to our FTP Server. Their login then leads them to their home FTP folder. The FTP server is currently a Win2003 box. Because we have so many clients, we would like to implement some form of WebGui that would allow each client to manage their own FTP home folder and user info, such as resetting their password if they lost it.
Is there anything like this available in linux that would provide us with that kind of control/usability?
View 1 Replies
View Related
Apr 4, 2011
I have a server (called NAS) that shares out /public, and I also have this same server running KVM with some VM's. I am setting up the first VM now, and one of the things it does is download torrents onto the share. I am connecting it via "mount -t smbfs //nas/public /mnt/nas" from the VM on the host and it seems to work fine. However whenever I add a torrent to the queue on the VM to download, all downloads stop and seem to be disconnected. I can restart them after a few seconds, but they will stop after a few minutes with another disconnect error. I have the network interface bridged, so I thought it was talking directly to the host.
The appropriate lines in my smb.conf:
security = share
[public]
comment = Public Stuff
path = /public
[Code]....
View 12 Replies
View Related
Jun 27, 2010
I am trying to find the proper way to setup a NFS4 Server with two clients. I have:
FileServer: CentOS 5.5
-IP:10.1.1.200
-User: Max
-Export: /FS-Data
[code]....
User/Group Max owns FS-Data on the FileServer, How do I go about mounting it on the clients, since root can only mount?
View 2 Replies
View Related
Sep 3, 2009
Tutorial for setting up a
domain server, dns server, ldap, mail server, firewall and proxy
with centos and how can I join ubuntu clients to the domain?
View 1 Replies
View Related
Sep 8, 2009
we can't get the clients in our lab to do a kickstart install. we're doing the install by booting from the Centos 5.3 net install cd and anaconda starts, but terminates abnormally reporting a SIGSEGV fault. Interestingly, attempts at doing an install from a CD and without the network connection results in this error:
X11TransSocketINETConnect() can't get address for localhost:6001. Temporary failure in name resolution.
View 7 Replies
View Related
Dec 9, 2009
We recently upgraded our NFS server from Centos 4.4 kernel 2.6.9-42.0.10.plus.c4 to Centos 5.4 kernel 2.6.18-164.6.1.el5
In our queue directory where we shuffle files to be processes some files will go missing.
Example structure
/Queues/Process1/subdir_xxx
/Queues/Process1/subdir_xxx
etc...
/Queues/Process2/subdir_xxx
/Queues/Process1/subdir_xxx
etc...
Where 'xxx' is a date/time string down to the second.
Each subdir entry contains a number of files, depending on load at the time.
What we see happening is that a subdir will appear empty from a client (ls -la shows . and .. ) but an rmdir will fail with a 'directory not empty' error. From all 7 clients (mix of Centos 4 and 5). However on the server the files are visible. If we 'touch' the files the clients will then pick them up and process them.
It doesn't appear that waiting any amount of time will make the files visible (we've waited 8 hours while testing).
We've tried different mount options, NFS4, etc. Nothing got rid of the issue. Changing one server to use CIFS however solved it. So it appears to be some bug in NFS.
The problem appears to be intermittent and random, we can go hours without seeing it, or minutes. I'd say it affects fare less then 1% of the files written.
View 2 Replies
View Related
Mar 3, 2010
i have Centos 5.3 installed with TXT mode i want to create and share one folder to be accesible to me from the network, to download and share files into it with my Host, i created the folder but dont know how to share it,
View 6 Replies
View Related
Jan 8, 2009
I can't seem to get the X server to allow access from clients on other hosts. (I know, not exactly a network problem, but. I made the change in /usr/share/gdm/defaults.conf to be : DisallowTCP=false
and this worked on another CentOS system, but it hasn't fixed it on this one. What other things could prevent other clients from connecting to the X server? From the local host, I get :
Warning: Tried to connect to session manager, Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed although the client DOES actually create the window and work! So, maybe this message is a clue.
From the remote host, I get : Error: Can't open display: 10.10.1.20:0.0 Which is not terribly informative. Is there a log somewhere which details why a connect request was denied? The files in /var/log/gdm are not very informative.
View 2 Replies
View Related
Oct 20, 2009
Don't work nslookup from clients guest OS.I have LinuxMint 7 and I'm installed VirtualBox on her. I created three guests OS. Two CentOS and XP
Name
The first CentOS linux1.starline.ca
The second CentOS centos.starline.ca
The third XP xp2.starline.ca[code].....
On the clients guest OS nslookup don't work. It write : timed out; no servers could be reached .What is going on? Why nslookup don't work from clients guest OS?On client machine in the file /etc/resolv.conf have record ameserver 168.135.88.2
View 2 Replies
View Related
May 13, 2010
I installed syslog-ng so I can receive remote logs. this is working however since I disabled syslog on my syslog-ng server I am not logging in /var/log/messages cron and some others.locally)I know this is because my syslog-ng.conf only references remote and not local.How can I edit the syslog-ng.conf file so that I can receive remote and local? I tried this however when adding in portions of the default config, I only receive local and not remote logs anymore. I am forwarding my config.
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
[code]....
View 2 Replies
View Related
Jan 3, 2011
I am stepping into Linux world ...and I have chosen CentOS.
I have installed CentOS 5.5 on a dedicated IBM server successfully. My server has two network cards. I have configured eth0 for lease line internet connection with a live IP (113.xxx.xxx.xxx) and eth1 for local LAN with a static IP (192.168.0.1).
Now,
1. DHCP is working fine and I can access the server from my Windows XP clients.
2. I can access the server with SSH client PuTTY from home ( with the live IP ) and from the local LAN (with static IP 192.168.0.1)
3. I can access my shared server directory 'public' from my XP clients
4. Internet is working on sever and I have updated the server with yum update.
But, I cannot access internet from my XP clients machines.
I read "The Definitive Guide to CentOS" and tweaked the config files in different ways but it did not help. now after two sleepless nights I am here as my last hope.
I admit, I am not aware of every linux terms and commands, but I am getting into it. code...
View 8 Replies
View Related
Jan 11, 2011
i have openldap server with phpldapadmin as a gui, i'm gonna use the ldap server just for address book.you can see in the picture how i built my ldap db.
View 6 Replies
View Related
May 26, 2011
I have setup openldap and samba for authenticating Windows and Linux clients on my server. They are working fine. Windows users are getting authenticated through server as Primary Domain Controller and Linux clients directly from Openldap directory. But I have little problem that is I want to mount home folders created on server to be available on clients so clients get a centralized storage with some quota on both Linux and Windows clients. Can you help me please how can I do that.
View 3 Replies
View Related
