Networking :: Using Windows Active Directory Groups
Apr 21, 2010
The scenario is I have a Windows Server 2003 Domain Controller which runs ADUC. I have created some security groups which I would like to apply to my network shares. The problem is, the majority of my network shares are based on Open Suse machines which, although are part of the domain, when trying to configure the shares using SMB, do not allow me to select the Active Directory groups. Any solution which will allow me to use ADUC security groups?
I already know of a work around to fix this problem, but I guess my question is why is this not working as expected? I am using a Windows Server 2008 R2 Active Directory for authentication.
I have run auth-client-config for the ldap profile and pam-auth-update. When running getent passwd, I get a list of both the local users and the users in the active directory (with populated information in the Unix schema extension). When running getent group I get a list of both the local groups and the groups in the active directory (with populated information in the Unix schema extension).
Interestingly enough, though, when I run su DOMAINUSER, after the prompt for the password I get an authentication error. In /var/log/auth.log I can see an entry with pam_ldap: missing "host" in file "/etc/ldap.conf". The SRV records in the DNS servers resolve correctly. I've checked this with nslookup and I have seen the records within my zone file. Obviously if the ldap.conf file is working with getent and the ldap server is resolving from the SRV records, it is working fine.
The interesting part is that the Windows Server 2008 R2 AD machine shows in the event viewer that there was a successful authentication, yet the Ubuntu box says no. When I add the host within the ldap.conf file, everything works...getent and the actual authentication, either initial login or su.
I have running on RHL enterprise 4. I want to configure squid users to authenticate against windows 2003 active directory. How do I go about from scratch
I've been looking for alternatives to Active Directory with Centos mainly SAMBA and OpenLDAP. I have worked with SAMBA and I know I can create a PDC and make clients join a domain but how about enforcing Group Policy?... is this possible with SAMBA or OpenLDAP/LDAP?
I would like to set up Some kind of windows user manager in an ubuntu sever. The windows network is already set up. I've scoured the net for hours and found nothing.
I have ubuntu server 9.04 installed on my computer and I am trying to make a Domain Server. I have made sure that there are no problems in the configuration file. When I go to join the domain in windows 7 it tells me that it cannot find the Active Directory server.
I need to setup windows Active Directory system and want to use our existing ubuntu server as Primary Domain Controller (samba). What I'd like to know is if its possible to setup a machine running standard Ubuntu as the PDC, or if I would need to install Ubuntu server.
I want to use LDAP on SUSE 10 to authorize the use of certain objects within IBM's MQ Series via the setmqaut command. I do not want to authenticate these users to the Linux server itself via LDAP. Users that actually log onto the Linux server will be authenticated through a product from Quest formly known as VAS. My question is, does LDAP require the use of PAM or can I utilize the facilities within LDAP to communicate with a Windows Active Directory so that I can authorize the use of MQ Series objects and not authenticate actual users that would log onto the server.
We have a small group of linux servers, currently with local logins. I want to eliminate the local logins and authenticate against the corporate AD. I've been looking at PAM - but winbind requires each machine to be added to the AD. This becomes a pain if we create new virtual or physical servers. Is it possible to have one server authenticate directly with AD, and the other servers authenticate against this server, which defers to the one server that is registered in AD?
I am currently trying to set up a Samba domain server. In the Samba-HOWTO-Collection I found an example file.(Point 3.3.3.1) In the explanations of the example below, the author says I need to map UNIX Groups to NT Groups. He writes a shell-script of how one could do it, but when I copy it and then execute it, I get the error:
Bad option: rid=512 Bad option: rid=513 Bad option: rid=514
The other groups do get mapped, just the Domain Admins, Domain Users and Domain Guests dont. This is the shell from the HOWTO:
#!/bin/bash #### Shell-Skript f ̈r sp ̈tere Verwendung aufbewahren net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins rid=512 net groupmap modify ntgroup="Domain Users" unixgroup=users rid=513 net groupmap modify ntgroup="Domain Guests" unixgroup=nobody rid=514
We have a couple of Windows file servers that just share files. It is all they do. We'd like to use Ubuntu on two replacement servers allowing Windows XP and Windows 7 clients to access the files. Our network is active directory based due to Exchange and homegrown .NET apps, so it is important that active directory is used to authenticate the clients. Samba doesn't need to be a pdc or bdc, but provide pass through authentication.I understand that Samba can communicate with active directory through security-ads and security-domain.
Here are my questions to see if I should proceed:1) Folder permissions:If we move all our files to the Ubuntu server how do we set folder permissions and will we see the active directory accounts when we do this?2) Skipping ubuntu accounts: I know the domain and ads allow you to skip creating ubuntu accounts, right? If not, how do you keep the passwords synchronized?3) Easiest way? Is there a very easy way to pull this off that I've missed? My goal is to eliminate the Windows based file servers while ensuring the admin part of it is as easy as possible.To date I've been able to get the sharing to work with an ubuntu account mirroring the active directory account. I've been able to get Samba to talk to the pdc, but not successfully through domain security. ADS security was a complete cluster with winbindd
I have set my Ubuntu 10.04 box with our Windows domain. I can see from "net ads info" that I am on the domain. I can also get the password and group info with getent.So far so good. But I have tried to configure pam basically by following this guide:http://www.ccs.neu.edu/home/battista...nbind/pam.html
Yet when I try to su or login as an AD user I just get and immediate "Unknown id: <userid>".I have had a look at /var/log/auth.log and there are no errors there.Can anyone provide some tips on debugging the pam configuration?
I am running the Ubuntu Netbook Remix and setting up our systems for Active Directory Domain Authentication. When I am hard wired in (ethernet), AD authentication works with no problems using the Likewise-Open software (installed through Ubuntu Software Center). What I want to be able to do is have people authenticate with AD with only a wireless connection. Has anybody done this before?
I have successfully connected (and authenticated the user) from linux (Ubuntu) to Active Directory (windows 2003) using "Likewise Open".
1. at the login screen I have to enter "example.localusername" to login. how can I simplify the login so that the user can choose (click)the domain and just enter the username and password (like the login in windows) or make the domain the default.
2. how can I configure the default user profile? meaning, when the user login for the first time, I want to configure his profile. does it use the "/etc/skel" directory like the regular local login?
But here is my problem... I have a windows 2003 server mini tower ATX running VMware workstation 7.0 that has a Ubuntu server 32-bit and a Ubuntu desktop; both versions are 10.04. Now, my ubuntu server edition joins active directory just fine, but my ubuntu desktop does not.
I'm having a problem with squidguard filter with AD authentication. I have downloaded the latest stable source package from squidguard site and I followed the instructions for the ldap(AD) authentication but it does not work at all.I have googled and tried everything but no luck. (first 30 hits on google) Anyway this is the LDAP auth part: http://www.squidguard.org/Doc/authentication.html at squidguard and this is how to build the package.
I am testing CentOS 5.4 on a virtual machine before deploying to a server.I am trying to get authentication through our Active Directory server, without actually joining the machine to the domain.I tried multiple tutorials, including this one: URL...Basically I enabled authentication through kerberos and modified my ldap.conf file.
I'm having a problem with Active Directory and Share permissions that I cant seem to figure out. I used likewise-open to join my ubuntu server to a windows 2008 domain. Everything seems to be working fine. The problem is, the only way I can access the shares is if I CHMOD 777 the share directory. If I CHMOD 770, the Domain owner or Domain group member of the directory cant access the directory. Also, when creating a folder within the share, I need to set the directory mask as 777 in order to enter those sub folders.
I want to create a network similar to windows network on linux .Users should have profiles and can do network login similar to active directory on windows.
I've got this current configuration : 1 squid server authenticating with 1 forest abc.com, then another company wants to joint but in different forest efg.com, I've already configured trust relationshipt between them.
How should I configured at squid.conf so it will authenticate both domain ?
At squid.conf I've already configured like the following below for abc.com :
Is it enough to adding a new line for auth_param basic program for efg.com ?
I need to install FTP Server in CentOS and it has to integrate with Windows 2003 Active Directory. Users should use their Active directory Credentials to upload or download files in FTP Server.
How to control a windows system by using linux server i know linux is a cross flatfarm. But how to Authenticate windows system like in windows we use AD for user authentication.
I've very new to linux, so please excuse my ignorance. I am trying to setup a number of servers to authenticate against my Windows Server 2003 active directory. I have successfully done this with one computer (Dell Optiplex 755), but I can?t seem to get it to work with my servers (Dell PowerEdge R710). I am using Fedora 11. I have setup samba and pam and have successfully joined the network. Everything with winbind seems to be working properly and I can get all the user info, etc. When I log in with a local account, everything is fine. If I try to log in with an account from my domain through SSH, I see the message Code:/usr/bin/xauth: creating new authority file /home/apkelley/.XauthorityAfter that, nothing happens and it is as if I haven?t connected to anything. If I try to log into the actual server using the graphical interface, it starts logging me in, shows a blank screen for about a second, and then returns to the login screen as if nothing has happened.I would greatly appreciate any suggestions for how I might fix this problem or how to find out more information about the error.Here are my smb.conf and system-auth files:
I am in need of a rather complicated permissions scheme for particular directory. I have a directory /data I want the group developers to have read and execute access to this directory. Then, I want the group research to have read, execute, and WRITE permission for this directory. Now, I have a second directory /code which developers and research have full access to. And I have a third group, operations I want operations to be able to read /data but not be able to read /code Is this permissions scheme possible in linux?
I've been trying to find a single set of instructions that define how to configure Fedora 12 to authenticate using Active directory without 100 steps (plus or minus) but difficult at best. I have about 12 Fedora 12 servers running as stand alone servers in a Windows 2003 network.
Can someone point me to a great set of instructions that can easily be replicated across multiple servers and a few workstations?
I'm actually a software developer, develop exclusively on Linux, and do know how to go about taking care of a Linux distro, so don't start telling me that 'sudo' isn't a sushi roll...
Question... I want to implement an Active Directory like authentication in a Linux-only environment. My office has approximately 15-25 local desktop PCs all running Ubuntu 10+ and one Ftp & SVN server running Ubuntu 10+.
Each developer has his/her own personal local account on his PC, and the shared PCs have different, local accounts for those developers. The FTP server has ONE (!!) account that everybody uses to access it, as does SVN.
The big picture is that I would like to install & configure a VPN server for remote developers. Before doing that, I'd like to find a way to unify the users across the network so that there exists only one UserX in the network.
