Ubuntu :: SADMS Active Directory Cached Logins: Samba 3.4.7 / Kubuntu 10.04.1
Oct 13, 2010
I've been banging my head on this for a week... I finally got AD login working, but I can't get cached logins working. I installed SADMS, let it configure everything, and though I can now login, I still cannot login as my AD username when my machine is not connected to the AD network. I need to be able to login at home, connect to the VPN (if I can ever get that working), then sign on to services at work using my AD username.
Also, I cannot login to local accounts when the system is not connected to the AD network. Plus, home drive mapping is not working, our shares are \FILESERVERuseruser[I]username[I] so this does not work. UPDATE: I installed likewise-open, and now I can't login unless I use the full domain name when logging in via ssh, but I cannot login on the desktop, which is not what I want, now my username doesn't match the previous UID mapping, and my home directory is mapped to /home/likewise-open/DOMAIN/user, instead of /home/DOMAIN/user, like it was before.
View 9 Replies
ADVERTISEMENT
Dec 14, 2010
I'm tasked with creating a base image of ubuntu (one for server, one for workstation) that is locked down and has all the fluff taken out (naturally workstation will have more fluff left in it than server). Task list looks about like this:
1. Create list of deb packages "allowed", write script to list/uninstall everything else.
2. Hook the logins into either enterprise kerberos or Active Directory (yuck).
3. Write scripts to check things like setuid/setguid, disabling su, checking sudo permissions, configure iptables, etc.
4. Use a scanner to scan the system from outside the system (was thinking of using backtrace).
5. Custom-compile the kernel to strip out all the unneeded modules.
Before embarking on this awesome task I figured I'd check with you guys to see if you know of some resources that would make this task easier/quicker. I'm sure someone out there has already headed down this branch.
PS My boss *loves* ubuntu and isn't to keen on going with a deb (or other) distro that is already "security trimmed" without some serious convincing. I'm sure there are some out there, and if you want to pass along a couple for consideration, I'll check them out, but no guarantees he'll let me use it.
View 4 Replies
View Related
Feb 9, 2010
I have a freshly installed CentOS 5.4 box which I'm trying to get AD authentication working on. I have AD authentication via kerberos working for SSH, but when I try and have it work for SMB shares I'm getting an access denied error. What's even more odd is that when I tell pam to use winbind to authenticate SSH...it works just fine. Wbinfo -a username%password authenticates fine and getent passwd and group enumerates the AD users and groups ok. My smbd.log was throwing the following error "Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE" but has since stopped for some reason, but googling this indicated I needed re-join the machine to the domain, which I have.
View 3 Replies
View Related
Dec 18, 2010
I have ubuntu server 9.04 installed on my computer and I am trying to make a Domain Server. I have made sure that there are no problems in the configuration file. When I go to join the domain in windows 7 it tells me that it cannot find the Active Directory server.
View 2 Replies
View Related
Jul 20, 2010
I am the IT Manager at a research facility. We have a fairly unique network configuration in order to support all of the different projects we have going on. We have Red Hat, Ubuntu, Windows XP/Vista/7, Windows Servers 2003, Ubuntu servers, Red Hat servers, and even a few Netgear ReadyNAS and Buffalo Terastations. Over the last few years, I have been migrating all of my users and accounts to a single ACL list, which I chose to be a Windows AD 2003 server. 95% of my users work on Windows platforms and just use ssh tunnels to develop on our linux boxes.
However, i ran in to a problem with our Linux boxes not being able to symbolic link on my Windows 2003 file shares. Of course, this is a problem with Windows not supporting symbolic links. I know 2008 does support this feature, but given the economy and the budget restraints, we cannot afford to purchase the updates we would need, so now I am moving all of my shares to a Ubuntu 10.04 server using Samba. I have joined the server to my AD domain successfully, i can login using my AD credentials, and even assign ownership and group permissions using AD users/groups.
Here is my question.
I would like to keep the AD permission schemes intact. I have several shares that contain folders that have individual permission settings. For example, I have a /shared directory that contains about 50 different folders. Some of these folders I allow my users to write data to, some just read, and others I deny access to complete groups and just allow key groups to access (for example, personnel data should only be accessed by the Administrative staff).
Is there a way to make this work?
I can assign uid and gid manually per folder in Samba, but i would like to have the possibility to add multiple users and groups with permissions to folders, which I do not believe can be done with the standard chown commands. Currently, I can see the folder permissions from my Windows box, but when I try to edit the permission settings, it defaults back to full access. So my AD permissions are not being saved.
View 9 Replies
View Related
Feb 24, 2011
I'm having a problem with Active Directory and Share permissions that I cant seem to figure out. I used likewise-open to join my ubuntu server to a windows 2008 domain. Everything seems to be working fine. The problem is, the only way I can access the shares is if I CHMOD 777 the share directory. If I CHMOD 770, the Domain owner or Domain group member of the directory cant access the directory. Also, when creating a folder within the share, I need to set the directory mask as 777 in order to enter those sub folders.
Heres the share section from my smb.conf
Code:
[public]
comment = Ubuntu File Server Share
path = /srv/samba/public
browseable = yes
[Code]...
View 1 Replies
View Related
Jul 22, 2010
We have a couple of Windows file servers that just share files. It is all they do. We'd like to use Ubuntu on two replacement servers allowing Windows XP and Windows 7 clients to access the files. Our network is active directory based due to Exchange and homegrown .NET apps, so it is important that active directory is used to authenticate the clients. Samba doesn't need to be a pdc or bdc, but provide pass through authentication.I understand that Samba can communicate with active directory through security-ads and security-domain.
Here are my questions to see if I should proceed:1) Folder permissions:If we move all our files to the Ubuntu server how do we set folder permissions and will we see the active directory accounts when we do this?2) Skipping ubuntu accounts: I know the domain and ads allow you to skip creating ubuntu accounts, right? If not, how do you keep the passwords synchronized?3) Easiest way? Is there a very easy way to pull this off that I've missed? My goal is to eliminate the Windows based file servers while ensuring the admin part of it is as easy as possible.To date I've been able to get the sharing to work with an ubuntu account mirroring the active directory account. I've been able to get Samba to talk to the pdc, but not successfully through domain security. ADS security was a complete cluster with winbindd
View 3 Replies
View Related
May 19, 2011
My all production PC r running under ADC windows2008 server. Recently I implement a file server in CentOS 5. Now I want to integrate Samba (File sharing) using Active Directory so that all access permission to file server comes from AD's permission.
View 2 Replies
View Related
May 13, 2010
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
View 9 Replies
View Related
Feb 23, 2011
I have a samba server that I had setup using the default smbpasswd backend, and it worked fine. So long as I remembered to use smbpasswd/passwd to setup a user with a username and password matching the account name of a Windows 7 user, then that windows 7 user would be able to navigate the shares with their permissions correctly.I have switched over to using ldap, and: the console/ssh of the machine can correctly use any of the ldap logins getent passwd/group both show the complete listing my Windows 7 machines can all ping the samba server by its netbios name my Windows 7 machines all prompt for authentication if I type \MACHINENAME into explorerHowever, all attempts to access the shares now continually ask for you to enter your username/password, and then fails anyway.No errors appear to be generated on the server (unless I'm missing a log somewhere). Having hunted around on the web, I'm wondering if it has to do with generation of machine accounts (since it tries to access from MACHINENAMEUSER). Without ldap setup, I didn't need to worry about the machine name, but I'm thinking that maybe smbpasswd took care of this somehow.I use the smbldap-useradd tool to setup a user account, which appears to correctly setup the user in ldap, such as:
Code:
dn: uid=sharer,ou=Users,dc=intbus,dc=net
objectClass: top
[code]...
View 2 Replies
View Related
Feb 16, 2011
We have a Debian Lenny / Samba server sharing files on a LAN with Windows clients. We also have several remote users who login in via WinSCP to do simple file transfers. (A OpenVPN was too slow due to bandwidth issues.)
Is there a way to lock the WinSCP connections to a specific directory?
My first thought was to move the remote users' home directory to the portion of the directory tree shared via Samba:
usermod -d /data/public/ username
but that does not stop them from going up the directory tree.
View 1 Replies
View Related
Nov 16, 2010
I have set my Ubuntu 10.04 box with our Windows domain. I can see from "net ads info" that I am on the domain. I can also get the password and group info with getent.So far so good. But I have tried to configure pam basically by following this guide:http://www.ccs.neu.edu/home/battista...nbind/pam.html
Yet when I try to su or login as an AD user I just get and immediate "Unknown id: <userid>".I have had a look at /var/log/auth.log and there are no errors there.Can anyone provide some tips on debugging the pam configuration?
View 1 Replies
View Related
Jul 9, 2010
I want to update all the machines in the network from a central repository which is on my master server and whose archive directory is shared through samba.I searched in the man page of sources.list and found that there is an option for this but can't able to implement this. Can anybody kindly tell me the way to do the same.
View 1 Replies
View Related
Feb 24, 2010
I am running the Ubuntu Netbook Remix and setting up our systems for Active Directory Domain Authentication. When I am hard wired in (ethernet), AD authentication works with no problems using the Likewise-Open software (installed through Ubuntu Software Center). What I want to be able to do is have people authenticate with AD with only a wireless connection. Has anybody done this before?
View 1 Replies
View Related
Apr 22, 2010
Which package I need for install AD for linux ubuntu server 9.10
could you help explane my in example, which package i need install in server and which package i need install in client.
View 1 Replies
View Related
Jan 10, 2011
What is the The easiest way to authentication Active Directory with ubuntu.
View 2 Replies
View Related
Feb 22, 2011
How can I sync files from Windows Server 2008 to a Linux box? Windows Server can sync files to another active-directory box automatically. Can i do that with linux too?
View 2 Replies
View Related
Feb 3, 2010
Just installed Alfresco 3.2 using the Canonical repo in Karmic. Unable to find proper guide to enable Active Directory authentication.
View 3 Replies
View Related
Mar 11, 2010
I would like to set up Some kind of windows user manager in an ubuntu sever. The windows network is already set up. I've scoured the net for hours and found nothing.
View 3 Replies
View Related
Jun 5, 2010
I am having a problem using smbclient on my Ubuntu 10.04 workstation. I use likewise open5 to authenticate to a windows server 2003 domain controller. I installed the smbclient utility mounted the network drives to the local desktop, then all of a sudden I cannot logon to my active directory domain controller. If any one knows what I am talking about what am I doing wrong?
Do I need to change my smb.conf file? Or do I need to download another repository or utility?
View 1 Replies
View Related
Jul 27, 2010
Has anyone had success in getting likewise open or another tool to allow domain users to log in with wireless networking? I have an issue where GDM comes up, users attempts to log in and gets authentication error. After a few minutes it works. Centrify has the same issue.
I've tried removing network-manager and using /etc/network/interfaces to set up networking, which helps, but there's a 1-3 minute delay before a user may log in for the first time after a reboot. My theory is gdm gets loaded before networking is up. There's got to be a work around for this. Even having gdm just hanging for a minute while it waits for networking would be acceptable.
View 1 Replies
View Related
May 3, 2010
I've been trying to find a single set of instructions that define how to configure Fedora 12 to authenticate using Active directory without 100 steps (plus or minus) but difficult at best. I have about 12 Fedora 12 servers running as stand alone servers in a Windows 2003 network.
Can someone point me to a great set of instructions that can easily be replicated across multiple servers and a few workstations?
View 6 Replies
View Related
Jun 17, 2011
I'm actually a software developer, develop exclusively on Linux, and do know how to go about taking care of a Linux distro, so don't start telling me that 'sudo' isn't a sushi roll...
Question... I want to implement an Active Directory like authentication in a Linux-only environment. My office has approximately 15-25 local desktop PCs all running Ubuntu 10+ and one Ftp & SVN server running Ubuntu 10+.
Each developer has his/her own personal local account on his PC, and the shared PCs have different, local accounts for those developers. The FTP server has ONE (!!) account that everybody uses to access it, as does SVN.
The big picture is that I would like to install & configure a VPN server for remote developers. Before doing that, I'd like to find a way to unify the users across the network so that there exists only one UserX in the network.
View 4 Replies
View Related
Jul 18, 2010
I want to integrate the postfix with active directory that postfix can get the user information from active directory.
View 10 Replies
View Related
Oct 23, 2010
I have AD DS installed on Windows Server 2008 R2. Also, I've got SLES 10.3 as NFSv4 server, which will allow remote users to mount their /home partitions. What I need, is NFSv4 w/Kerberos. As AD server already has integrated Kerberos server, I need SLES to authenticate in it.Everything works good, but when it comes to svcgssd service activation, I receive an error.Here's the log:
/usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No principal in keytab matches desired name
[code]....
View 1 Replies
View Related
May 6, 2009
My boss has commissioned me with creating a new file server to replace a M$ server that is installed now. We want to go with Linux for many reasons, but one big thing we want to be able to do is still manage permissions using M$ type permissions from our XP desktop's rather than unix style permissions. How would this be accomplished on a CentOS box?
View 1 Replies
View Related
Nov 8, 2010
Since yesterday I'm fighting with OpenVPN on Ubuntu 10.04TLS and I can not cope with the authorization of users from Windows 2008 AD server. It looks like this: Published 93.159.XX.XX IP address the router and all traffic directed to the internal LAN IP 10.0.1.210. Customers who will combine the different platforms are Mac OS, Linux, Windows XP, 7, Vista. The whole domain is for Windows 2008. Uploader authLDAP module, but I still can not connect, that is, not after entering the username and password from the W2K8 domain does not log
View 1 Replies
View Related
Nov 19, 2010
(This was posted at the end of another thread, where it probably didn't belong, so reposting here)I have Active Directory set up on one machine (and I can't really adjust the settings very much) and Ubuntu Server 10.04, which I would like to use as a client.I followed the directions at https://help.ubuntu.com/community/LD...Authentication, but when I get to
Code:
getent passwd
I don't see anything from the LDAP, and ssh'ing into the box from an LDAP/AD username certainly doesn't work.
In addition, I've attempted to use Webmin's LDAP Configuration module to configure it. I can connect to the server and can browse it with the LDAP browser with my settings, but the Webmin package doesn't recognize the users (which are organized in one of four Organizational Units (OUs) within the OU that I have as my Search Base) as users,
View 1 Replies
View Related
Mar 24, 2011
I need to setup windows Active Directory system and want to use our existing ubuntu server as Primary Domain Controller (samba). What I'd like to know is if its possible to setup a machine running standard Ubuntu as the PDC, or if I would need to install Ubuntu server.
View 2 Replies
View Related
May 26, 2011
I want to create a shared folder in a ubuntu sistem but I want to know if I can get access to some users of my domain active directory windows 2003 server?If I can, I would give that security in some of the subfolders of that shared folder as explained at the example:XAMPLE:
Backups (all have access and it's shared)
Mail of Charles (Can only have access Charles that have an account on domain)
Mail of John (Can only have access John)
[code]...
View 1 Replies
View Related
