Re: Help with authenticating against Active Directory.




Milton Calnek wrote:
> Hello all,
>
> I'm trying to authenticate shell logins against an MS-ADS. I don't have admin access to the ADS, but I can talk to the admins.
>
> I have gotten as far as getting authentication working, but the uids depend on the order of login, i.e. the first guy to log in gets 10000, the next gets 10001, etc. The problem I have with this is that I want to share the home directories via NFS, which means everyone has to have the same id.
>
> Is anyone else doing this?
>
> My smb.conf and nsswitch.conf files are below.
>
> TIA


You can get Samba to be a single sign-on using MS AD and issue predictable uids in Linux. The smb.conf option:

  idmap backend = idmap_rid:DOMAIN=100000-3000000

will take the user's RID in AD, add 100000 to it, and use that for the uid in Linux.

This smb.conf worked for me a couple of years ago at my former employer, on RH4-type machines. Note I did not have an LDAP server defined. This is the entire global section I used on all Linux boxes that I joined to the domain.

[global]
       workgroup = DOMAIN
       realm = DOMAIN.EXAMPLE.COM
       server string = Samba Server
       security = ads
       # log level = 0 vfs:2
       log file = /var/log/samba/ALL.log
       max log size = 500
       socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
       load printers = No
       preferred master = No
       domain master = No
       dns proxy = No
       wins server = 192.168.1.1
       netbios name = LINUX999
       netbios aliases = host999
       ldap ssl = no
       idmap uid = 10000-3000000
       idmap gid = 10000-3000000
       template homedir = /users/%U
       template shell = /bin/bash
       winbind enum users = No
       winbind enum groups = No
       idmap backend = idmap_rid:DOMAIN=100000-3000000
       allow trusted domains = no
       username map = /etc/samba/smbusers
       name resolve order = wins bcast
       cups options = raw
       disable spoolss = Yes
       show add printer wizard = No
       os level = 1
       winbind use default domain = yes
       host msdfs = Yes
       admin users = DOMAIN\admin20 DOMAIN\admin22


--
Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240
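
Added example, not part of the original message and not Samba's own code: a Python check that reads the `idmap backend` line shown above, computes the uid each account should get (range low plus RID, as the reply describes), and flags hosts whose `getent passwd` output disagrees, which is the condition that breaks ownership on shared NFS home directories. The user names, SIDs, host names and passwd lines are constructed sample data.

```python
import re

# Line format taken from the smb.conf in the post above.
BACKEND_RE = re.compile(r"^\s*idmap backend\s*=\s*idmap_rid:(\S+?)=(\d+)-(\d+)\s*$", re.M)

def parse_rid_range(smb_conf):
    """Return (domain, low, high) from the idmap_rid backend line."""
    m = BACKEND_RE.search(smb_conf)
    if not m:
        raise ValueError("no idmap_rid backend line found")
    return m.group(1), int(m.group(2)), int(m.group(3))

def expected_uid(sid, low, high):
    """uid = range low + RID (last SID sub-authority), as the post describes."""
    if not re.fullmatch(r"S-1-5-21(-\d+){4}", sid):
        raise ValueError("not a domain account SID: %r" % sid)
    uid = low + int(sid.rsplit("-", 1)[1])
    if uid > high:
        raise ValueError("RID maps outside the configured range")
    return uid

def find_drift(smb_conf, sids, passwd_by_host):
    """List (host, user, seen_uid, expected_uid) where a host disagrees."""
    _, low, high = parse_rid_range(smb_conf)
    drift = []
    for host, passwd in sorted(passwd_by_host.items()):
        for line in passwd.splitlines():
            fields = line.split(":")
            if len(fields) < 3 or fields[0] not in sids:
                continue
            want = expected_uid(sids[fields[0]], low, high)
            if int(fields[2]) != want:
                drift.append((host, fields[0], int(fields[2]), want))
    return drift

# Constructed sample data: SIDs, host names and passwd lines are made up.
SMB_CONF = "[global]\n   security = ads\n   idmap backend = idmap_rid:DOMAIN=100000-3000000\n"
SIDS = {"alice": "S-1-5-21-1111111111-2222222222-3333333333-1105",
        "bob": "S-1-5-21-1111111111-2222222222-3333333333-1106"}
PASSWD = {
    "host1": "alice:*:101105:100513::/users/alice:/bin/bash\nbob:*:101106:100513::/users/bob:/bin/bash",
    "host2": "alice:*:10001:10000::/users/alice:/bin/bash\nbob:*:10000:10000::/users/bob:/bin/bash",
}

if __name__ == "__main__":
    for row in find_drift(SMB_CONF, SIDS, PASSWD):
        print("%s: %s has uid %d, expected %d" % row)
```

In the sample, host2 shows the order-of-login allocation from the original question (10000, 10001), so both of its accounts are reported as drifted.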

