Active Directory Integration

megamaced · 29-06-2008, 11:37 PM

Hey

I can't believe how much pain this is causing me! I am trying to authenticate CentOS 5.2 to my Windows Server 2003 SP2 Active Directory domain. I've been editing the smb.conf and krb5.conf files for so long that my fingertips are starting to bleed!

I've managed to join CentOS to the domain and can see it in the Computers OU. The wbinfo -u and -g commands show the AD groups and users respectively. I just can't log in as Windows Administrator through GDM. In fact I am not even sure what the correct syntax for the user name is in GDM. Do I enter "administrator@domain.com" or "DOMAIN\administrator"?

Can anybody point me to a Active Directory integration guide that is proven to work on RedHat/CentOS 5.x?

Cheers

Anti-Trend · 29-06-2008, 11:45 PM

In pure AD, use the FQDN, not the NT4-style domain name.

It sounds like you may have a partial trust, but obviously everything isn't yet 100%. As far as troubleshooting the issue, logs are the key. (Re)start winbind with a verbosity level of 3 or 4, then try to join. Look at the logs on both the AD side and the winbind side and you'll most likely be able to figure it out. If not, please attach some verbose logs and I'll see what I can do to help.

megamaced · 30-06-2008, 05:23 PM

I actually managed to get Ubuntu 8.04 to connect flawlessly to my work's Active Directory today using a guide on the Ubuntu wiki. I am suprised that I could do it in Ubuntu so easily but not using the "enterprise ready" Redhat distribution... though that's probably due to using bad HOWTOs!

Whats the command for restarting winbind using verbose? And if I re-install the Samba and Kerboros packages, will I get the option to overwrite the smb.conf and krb5.conf to their defaults? I'd like to start again you see.

Off Topic:

I am planning to study for RHCT next year and hopefully move into Linux support eventually. I am tied of fixing Windows...

Anti-Trend · 30-06-2008, 06:52 PM

Winbind is winbind, be it on RHEL or some other distro. RHEL makes a much better server than Ubuntu though, if you ask me. How you restart winbind depends on the distro, as RHEL and Debian have different ways of doing this. Ultimately though, you would stop the process, e.g.

Code:

/etc/init.d/winbindd stop

then start it again manually:

Code:

/usr/sbin/winbindd -d 4

You don't want to run it with elevated verbosity for long though, since it will quickly fill up your logs with highly detailed (and mostly useless) information.

megamaced · 01-07-2008, 10:04 AM

Ok ta, I will re-attempt AD integration for CentOS later this weekend.

29-06-2008, 11:37 PM	#1 (permalink) Top
megamaced Geek Geek Geek! Join Date: Nov 2005 Age: 24 Male Posts: 3,409 Times Helpful: 346 My Mood: Shocked Status: Offline My Computer	Active Directory Integration Hey I can't believe how much pain this is causing me! I am trying to authenticate CentOS 5.2 to my Windows Server 2003 SP2 Active Directory domain. I've been editing the smb.conf and krb5.conf files for so long that my fingertips are starting to bleed! I've managed to join CentOS to the domain and can see it in the Computers OU. The wbinfo -u and -g commands show the AD groups and users respectively. I just can't log in as Windows Administrator through GDM. In fact I am not even sure what the correct syntax for the user name is in GDM. Do I enter "administrator@domain.com" or "DOMAIN\administrator"? Can anybody point me to a Active Directory integration guide that is proven to work on RedHat/CentOS 5.x? Cheers __________________ "A computer is like air conditioning: it becomes useless when you open windows". ~Linus Torvalds

29-06-2008, 11:45 PM	#2 (permalink) Top
Anti-Trend Nonconformist Geek Join Date: Oct 2003 Age: 27 Male Posts: 4,775 Times Helpful: 520 Status: Offline My Computer	In pure AD, use the FQDN, not the NT4-style domain name. It sounds like you may have a partial trust, but obviously everything isn't yet 100%. As far as troubleshooting the issue, logs are the key. (Re)start winbind with a verbosity level of 3 or 4, then try to join. Look at the logs on both the AD side and the winbind side and you'll most likely be able to figure it out. If not, please attach some verbose logs and I'll see what I can do to help. __________________ See My Desktop \| Try Linux \| Install Linux \| Visit My Server \| Support Hardware Forums \| Easily rip DVDs in Linux

30-06-2008, 05:23 PM	#3 (permalink) Top
megamaced Geek Geek Geek! Join Date: Nov 2005 Age: 24 Male Posts: 3,409 Times Helpful: 346 My Mood: Shocked Status: Offline My Computer	I actually managed to get Ubuntu 8.04 to connect flawlessly to my work's Active Directory today using a guide on the Ubuntu wiki. I am suprised that I could do it in Ubuntu so easily but not using the "enterprise ready" Redhat distribution... though that's probably due to using bad HOWTOs! Whats the command for restarting winbind using verbose? And if I re-install the Samba and Kerboros packages, will I get the option to overwrite the smb.conf and krb5.conf to their defaults? I'd like to start again you see. Off Topic: I am planning to study for RHCT next year and hopefully move into Linux support eventually. I am tied of fixing Windows... __________________ "A computer is like air conditioning: it becomes useless when you open windows". ~Linus Torvalds

30-06-2008, 06:52 PM	#4 (permalink) Top
Anti-Trend Nonconformist Geek Join Date: Oct 2003 Age: 27 Male Posts: 4,775 Times Helpful: 520 Status: Offline My Computer	Winbind is winbind, be it on RHEL or some other distro. RHEL makes a much better server than Ubuntu though, if you ask me. How you restart winbind depends on the distro, as RHEL and Debian have different ways of doing this. Ultimately though, you would stop the process, e.g. Code: /etc/init.d/winbindd stop then start it again manually: Code: /usr/sbin/winbindd -d 4 You don't want to run it with elevated verbosity for long though, since it will quickly fill up your logs with highly detailed (and mostly useless) information. __________________ See My Desktop \| Try Linux \| Install Linux \| Visit My Server \| Support Hardware Forums \| Easily rip DVDs in Linux

01-07-2008, 10:04 AM	#5 (permalink) Top
megamaced Geek Geek Geek! Join Date: Nov 2005 Age: 24 Male Posts: 3,409 Times Helpful: 346 My Mood: Shocked Status: Offline My Computer	Ok ta, I will re-attempt AD integration for CentOS later this weekend. __________________ "A computer is like air conditioning: it becomes useless when you open windows". ~Linus Torvalds

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Installing Wine From Directory	X slash X	Linux and Other OSes	4	18-08-2007 04:08 PM
ULI RAID driver integration!!	motorheadbiker	CPU, Motherboards and Memory	5	20-05-2007 06:34 PM
How about an ImageShack integration?	Exfoliate	Suggestions and Feedback	5	28-09-2005 02:54 AM
Most active members!	Exfoliate	General Chat	35	08-05-2005 09:27 PM