Server :: Using Active Directory As KDC For NFSv4?
Oct 23, 2010
I have AD DS installed on Windows Server 2008 R2. Also, I've got SLES 10.3 as NFSv4 server, which will allow remote users to mount their /home partitions. What I need, is NFSv4 w/Kerberos. As AD server already has integrated Kerberos server, I need SLES to authenticate in it.Everything works good, but when it comes to svcgssd service activation, I receive an error.Here's the log:
/usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No principal in keytab matches desired name
[code]....
View 1 Replies
ADVERTISEMENT
Jan 10, 2011
I need to install FTP Server in CentOS and it has to integrate with Windows 2003 Active Directory. Users should use their Active directory Credentials to upload or download files in FTP Server.
View 3 Replies
View Related
Jul 18, 2010
I want to integrate the postfix with active directory that postfix can get the user information from active directory.
View 10 Replies
View Related
Oct 10, 2010
this is vinoth. im using redhat el5 . i want to migrate windows 2003 server active directory with redhat linux el5 2.6.18-8.el5
View 2 Replies
View Related
Jan 27, 2011
I'm running OpenSuSE 11.3 (64 bit) with the latest kernel update as of yesterday. I've recently moved from NFSv3 to NFSv4 on 4 servers. Between the 4 servers there are 9 exported directories. All of them work except 1 on 1 of the 4 servers.
/etc/exports
# NFSv4 fsid=0 for the top level directory
/export *(rw,fsid=0,async,no_subtree_check,insecure)
# End
# NFSv3
/export/apps/oracle *(rw,async,fsid=7,no_subtree_check,insecure)
/export/ftpserver *(rw,async,fsid=6,no_subtree_check,insecure)
# End
I had to keep the NFSv3 entry as I need that as the mount doesn't work with v4.
/export directory listing
/export:
total 5
drwxr-xr-x 4 root root 104 2002-08-08 16:47 .
drwxr-xr-x 33 root root 944 2011-01-25 17:28 ..
drwxr-xr-x 10 root root 232 2010-01-26 10:01 apps
drwxr-xr-x 8 root root 4096 2010-12-13 12:31 ftpserver
/export/apps:
total 0
drwxr-xr-x 10 root root 232 2010-01-26 10:01 .
drwxr-xr-x 4 root root 104 2002-08-08 16:47 ..
drwx------ 3 root root 72 2008-08-06 16:40 etc
drwxr-xr-x 2 root root 240 2011-01-24 03:00 htdig
drwx------ 3 root root 72 2008-08-06 16:40 lib
drwx------ 2 root root 48 2002-07-02 13:18 lost+found
drwxr-xr-x 4 oracle oinstall 104 2009-01-07 09:59 oracle
drwx------ 5 root root 120 2008-08-06 16:40 usr
Now on any of the 4 servers if I do:
# mount -t nfs4 machinename:/apps/oracle /mnt
mount.nfs4: mounting lister:/apps/oracle failed, reason given by server:
No such file or directory
But the other sub-dir of /export is fine:
# mount -t nfs4 machinename:/apps/ftpserver /mnt
If I mount the pseudo root:
# mount -t nfs4 machinename:/ /mnt
# ls -l /mnt
total 4
drwxr-xr-x 2 root root 48 2002-08-08 15:20 apps
drwxr-xr-x 8 root root 4096 2010-12-13 12:31 ftpserver
But the apps sub-dir is empty
# ls -l /mnt/apps
total 0
On the server:
# ls -l /export/apps
total 0
drwx------ 3 root root 72 2008-08-06 16:40 etc
drwxr-xr-x 2 root root 240 2011-01-24 03:00 htdig
drwx------ 3 root root 72 2008-08-06 16:40 lib
drwx------ 2 root root 48 2002-07-02 13:18 lost+found
drwxr-xr-x 4 oracle oinstall 104 2009-01-07 09:59 oracle
drwx------ 5 root root 120 2008-08-06 16:40 usr
Well that explains why the NFSv4 mount of /apps/oracle fails because for some reason it can't "see" any files below that, but as I say the ftpserver sub-dir & mount are fine.
View 9 Replies
View Related
Apr 22, 2010
Which package I need for install AD for linux ubuntu server 9.10
could you help explane my in example, which package i need install in server and which package i need install in client.
View 1 Replies
View Related
Mar 10, 2011
I am trying out few stuff with Linux and Windows. I have a 'Postfix' mail server on CentOS 5.5 with 'dovecot' and 'squirrel' (webmail) working fine. I am just wondering, how can I create bulk mailboxes on CentOS 5.5 (for postscript) so that the the users can access their mail from the browser (squirrel mail)?
How can I integrate with Active Directory? I am also looking for techniques to automatically create bulk users (for example 100 users) on Active Directory with a default passwords (or random passwords if possible) that integrate with Postfix.
View 3 Replies
View Related
Nov 4, 2009
I would prefer to use a linux server for authentication but I will need the same configuration features.I have been looking for a good guide to setting up CentOS as an alternative to Active Directory, but have not found one yet.The features I want to see.
1. works with Windows clients.
2. Network Home folders (does not neessisarly need to hold profile information)
3. Logon scripts for clients.
4. shared printers
5. shared folders.
6. can log linux boxes in with the same credentials and logon scripts.
View 3 Replies
View Related
Aug 13, 2011
okay so we have multiple servers running CentOS and multiple people who need access to these machines for various tasks. i would like to be able to use the credentials from Active Directory (running on server 2008) to give them access to these servers without having to go through each server and add these people into permission groups. basically a single sign-on for all of these servers depending upon what permissions were granted in Active Directory. how do i go about doing this?
View 1 Replies
View Related
Dec 16, 2010
I have noticed that when I have my home directory mounted over network with NFSv4 ==> applications that use dconf to save preferences do not work correctly.
If I try to save preferences they won't save and I'm getting "Unable to contact dconf service" errors with Evince, Empathy etc.
I was googling this issue and I figured out that Dconf uses inotify() ( [url] and [url]) and those notifys don't work with NFS at all so the whole "dconf thing" doesn't work!
Am I right that Ubuntu is moving from GConf to DConf? If that is true I think this issue will be a serious problem if most of the applications use mechanism to save settings that doesn't work with NFS mounted drives. It is quite common to use NFS to mount home directory in some schools, companies and LTSP-machines.
I've tried to reinstall dconf and libdconf0 packages with no working result. When I'm using my home directory locally there is no problems.
And with Ubuntu 10.04/9.10/9.04... there were no these problems.
Links:
[url]
[url]
[url]
[url]
View 2 Replies
View Related
Mar 11, 2010
I would like to set up Some kind of windows user manager in an ubuntu sever. The windows network is already set up. I've scoured the net for hours and found nothing.
View 3 Replies
View Related
Jan 4, 2010
May I know if there is any tutorial to sync up Fedora DS to ADS?
View 2 Replies
View Related
Jan 27, 2011
I have around 12 users, with their profiles present on a Windows 2003 Active Directory and I would like to migrate to an open source free alternative.Could you recommend any alternative that supports the migration of user files from Active Directory?
View 1 Replies
View Related
Dec 30, 2010
I'm using squid 2.6, Win2008 AD server. Clients are using winxp, win7. how to config squid for the authentication with win2008 AD?
View 2 Replies
View Related
Nov 11, 2010
I have a squid server currently running with basic authentication. This is a must because we constantly have different people using different machines but the rules must be set per user, not per machine.
We also have a lot of users coming and going. So every time a new user comes to the office I have to manually create a user for him so he can authenticate.
Anyway.. We do not have any windows servers so no Active Directory. But I need some solution to pass the windows login to Squid.
First question: It seems I am using NTLM currently for samba as the person can map their home directories on their windows box withuot authenticating. Why can I not use it for squid?
Second question: Can I make my Centos server into an AD server?
View 1 Replies
View Related
Jul 29, 2009
I was working to integrate Centos 5 and AD 2003 R2, this is my set up Windows side:
1. Install Identity Management for Unix, (Windows R2 already includes the Unix attribute not entirely necessary to install IMU, but it makes easier to configure the attributes from ADUC, when IMU is installed the Unix attributes TAB is shown in the user properties)
2. Configure the Unix attributes for every user account that will be authenticating from centos.
3. Create an user account to be used as a proxy for ldap, a regular user would be enough. Password never expires.
4. Create a computer account for every centos host; assign this computer account as pre-windows 2000 account.
5. Assign a value of 4128 to the user account control property for the computer account.
[Code]...
View 1 Replies
View Related
Nov 19, 2010
(This was posted at the end of another thread, where it probably didn't belong, so reposting here)I have Active Directory set up on one machine (and I can't really adjust the settings very much) and Ubuntu Server 10.04, which I would like to use as a client.I followed the directions at https://help.ubuntu.com/community/LD...Authentication, but when I get to
Code:
getent passwd
I don't see anything from the LDAP, and ssh'ing into the box from an LDAP/AD username certainly doesn't work.
In addition, I've attempted to use Webmin's LDAP Configuration module to configure it. I can connect to the server and can browse it with the LDAP browser with my settings, but the Webmin package doesn't recognize the users (which are organized in one of four Organizational Units (OUs) within the OU that I have as my Search Base) as users,
View 1 Replies
View Related
May 26, 2011
I want to create a shared folder in a ubuntu sistem but I want to know if I can get access to some users of my domain active directory windows 2003 server?If I can, I would give that security in some of the subfolders of that shared folder as explained at the example:XAMPLE:
Backups (all have access and it's shared)
Mail of Charles (Can only have access Charles that have an account on domain)
Mail of John (Can only have access John)
[code]...
View 1 Replies
View Related
Nov 4, 2009
I have a Ubuntu 9.10 desktop, with an external HD shared via Samba, with some users and folders on it. I have another computer on the network running Winblows Server 03', handling Active Directory (that I am still setting up and testing before any serious implementation.) I've been testing GPOs I am building on an XP SP3 virtual machine that is running off my Ubuntu desktop as well, that I joined to the AD domain.
However, the Domain Controller doesn't have a very big hard drive, and I'd like to take advantage of having 930GB free on this external hard drive for roaming user profiles, especially since I backup all of the drive contents every week. This would simplify a lot for me. What would you recommend is the best way to go about setting this up with my Samba configuration? I have a feeling /media/Slave/UserProfiles permissions will get somewhat complex.
View 2 Replies
View Related
Feb 26, 2011
We have a small group of linux servers, currently with local logins. I want to eliminate the local logins and authenticate against the corporate AD. I've been looking at PAM - but winbind requires each machine to be added to the AD. This becomes a pain if we create new virtual or physical servers. Is it possible to have one server authenticate directly with AD, and the other servers authenticate against this server, which defers to the one server that is registered in AD?
View 3 Replies
View Related
Jan 22, 2010
I have running windows 2008 active directory. need to login ad users to linux system, which is inside the windows domain
View 3 Replies
View Related
Feb 1, 2010
I'm trying to get our linux servers to use Active Directory (AD), and have gotten our linux (RHEL 5) server to fetch users and groups from AD. Now I'd like to add computers (and groups of computers) to AD, and have our linux boxes make use of this info. Does anyone know how to get our linux-boxes to understand computers and computer group objects on AD?
View 2 Replies
View Related
Mar 11, 2010
When i try to join my Ubuntu server to Microsoft Active Directory domain, i get the error message below.
Kinit failed: Clock skew too great Failed to join domain: Time difference at domain controller I know the reason is because of the time difference between my domain controller and the Ubuntu server. But what i want to know is that possible to join a domain without time synchronisation? Because my domain controller is working for another time zone, for another Country, so i can not synchronise it with my Ubuntu server.
View 8 Replies
View Related
Jun 29, 2011
I need to bring my Suse 11 server into active directory domain using samba and winbind. Please let me know the procedure how to do this.
View 3 Replies
View Related
Jan 28, 2010
I'm fairly new to Linux and very new to Squid and am having authentication issues! I am using Oracle Enterprise Linux (which is basically Red Hat without the branding) and wanting to use Squid Proxy Server for web access with authentication to Active Directory. I've found a number of articles about this online and all of them say to use auth program squid_ldap_conf which should be in /usr/lib/squid/. I don't have a squid directory in /usr/lib for starters and my squid binaries are in /etc/squid but there is no squid_ldap_conf in there either. I have installed the latest version of Squid (3.0) to see if that helped but I still cannot find the authorisation program.
View 3 Replies
View Related
May 19, 2011
My all production PC r running under ADC windows2008 server. Recently I implement a file server in CentOS 5. Now I want to integrate Samba (File sharing) using Active Directory so that all access permission to file server comes from AD's permission.
View 2 Replies
View Related
Oct 5, 2010
I would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a users browsing activities can be logged.
I can find lots a very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenicate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it.
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.
My current setup is:
Windows 2003 AD
Windows XP Clients, soon to be converted to windows 7.
Fedora 11 running squid and dansguardian.
View 2 Replies
View Related
Jul 22, 2010
We have a couple of Windows file servers that just share files. It is all they do. We'd like to use Ubuntu on two replacement servers allowing Windows XP and Windows 7 clients to access the files. Our network is active directory based due to Exchange and homegrown .NET apps, so it is important that active directory is used to authenticate the clients. Samba doesn't need to be a pdc or bdc, but provide pass through authentication.I understand that Samba can communicate with active directory through security-ads and security-domain.
Here are my questions to see if I should proceed:1) Folder permissions:If we move all our files to the Ubuntu server how do we set folder permissions and will we see the active directory accounts when we do this?2) Skipping ubuntu accounts: I know the domain and ads allow you to skip creating ubuntu accounts, right? If not, how do you keep the passwords synchronized?3) Easiest way? Is there a very easy way to pull this off that I've missed? My goal is to eliminate the Windows based file servers while ensuring the admin part of it is as easy as possible.To date I've been able to get the sharing to work with an ubuntu account mirroring the active directory account. I've been able to get Samba to talk to the pdc, but not successfully through domain security. ADS security was a complete cluster with winbindd
View 3 Replies
View Related
Mar 8, 2011
setup user authentication server and internet accounting server like ISA and Active Directory in Windows?
View 4 Replies
View Related
Mar 28, 2011
I am attempting to Kerborize an NFS server on a RHEL6 machine, but I cannot get it quite right. The error message I receive when executing the following command (as myself, not as root) is:
Code:
I have a keytab generated from the KDC for both NFS server and NFS client (both RHEL6 hosts) placed in /etc, and I have configured PAM/Kerberos so I can login via SSH and see I have a valid ticket with klist.
I can login to both NFS server and NFS client via SSH and get a ticket, but I don't know where the problematic NFS permissions reside.
The /etc/exports file on the NFS server looks like:
Code:
I have disabled IP Tables on both client and server, and hosts.allow and hosts.deny are not blocking traffic at the moment. On the NFS server.
Here is the output of rpcinfo:
On the NFS client, here is the output of that same command:
View 1 Replies
View Related
