Active Directory Integration

Discussion in 'Linux, BSD and Other OS's' started by megamaced, Jun 29, 2008.

  1. megamaced

    megamaced Geek Geek Geek!

    Likes Received:
    0
    Trophy Points:
    36
    Hey

    I can't believe how much pain this is causing me! I am trying to authenticate CentOS 5.2 to my Windows Server 2003 SP2 Active Directory domain. I've been editing the smb.conf and krb5.conf files for so long that my fingertips are starting to bleed!

    I've managed to join CentOS to the domain and can see it in the Computers OU. The wbinfo -u and -g commands show the AD groups and users respectively. I just can't log in as Windows Administrator through GDM. In fact I am not even sure what the correct syntax for the user name is in GDM. Do I enter "administrator@domain.com" or "DOMAIN\administrator"?

    Can anybody point me to a Active Directory integration guide that is proven to work on RedHat/CentOS 5.x?

    Cheers
     
  2. Anti-Trend

    Anti-Trend Nonconformist Geek Staff Member

    Likes Received:
    118
    Trophy Points:
    63
    In pure AD, use the FQDN, not the NT4-style domain name.

    It sounds like you may have a partial trust, but obviously everything isn't yet 100%. As far as troubleshooting the issue, logs are the key. (Re)start winbind with a verbosity level of 3 or 4, then try to join. Look at the logs on both the AD side and the winbind side and you'll most likely be able to figure it out. If not, please attach some verbose logs and I'll see what I can do to help.
     
  3. megamaced

    megamaced Geek Geek Geek!

    Likes Received:
    0
    Trophy Points:
    36
    I actually managed to get Ubuntu 8.04 to connect flawlessly to my work's Active Directory today using a guide on the Ubuntu wiki. I am suprised that I could do it in Ubuntu so easily but not using the "enterprise ready" Redhat distribution... though that's probably due to using bad HOWTOs!

    Whats the command for restarting winbind using verbose? And if I re-install the Samba and Kerboros packages, will I get the option to overwrite the smb.conf and krb5.conf to their defaults? I'd like to start again you see.

    [ot] I am planning to study for RHCT next year and hopefully move into Linux support eventually. I am tied of fixing Windows... :) [/ot]
     
  4. Anti-Trend

    Anti-Trend Nonconformist Geek Staff Member

    Likes Received:
    118
    Trophy Points:
    63
    Winbind is winbind, be it on RHEL or some other distro. RHEL makes a much better server than Ubuntu though, if you ask me. How you restart winbind depends on the distro, as RHEL and Debian have different ways of doing this. Ultimately though, you would stop the process, e.g.
    Code:
    /etc/init.d/winbindd stop
    then start it again manually:
    Code:
    /usr/sbin/winbindd -d 4
    You don't want to run it with elevated verbosity for long though, since it will quickly fill up your logs with highly detailed (and mostly useless) information.
     
  5. megamaced

    megamaced Geek Geek Geek!

    Likes Received:
    0
    Trophy Points:
    36
    Ok ta, I will re-attempt AD integration for CentOS later this weekend.
     

Share This Page