RE: ADS authentication & Samba/Winbind

Here are the steps I used to configure the machines... just in case I missed something. I wrote it up as a 'how to' for future reference, not knowing then that the 64-bit machine wasn't working.

I have re-verified every step on the 64-bit machines many times.
It requires logon as mydomain\username, but here is what I've done so far:

1. Configure krb5.conf (Kerberos authentication). The FAQ suggested using numeric IP addresses, not DNS names.

[libdefaults]
# Kerberos realm names are case-sensitive; keep the realm upper case everywhere
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
MYDOMAIN.COM = {
    kdc = 192.168.2.6:88
    kdc = 192.168.2.7:88
    admin_server = 192.168.2.6:749
}

[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM



2. Stop the services and join the domain:

 service winbind stop
 service smb stop

 net ads join -U ads_administrator_name

This should give you feedback on what it finds t
Here are the pertinent changes I made to smb.conf [run testparm to verify typing!].
'#' lines are my comments for this post, not in my file.

[global]
   workgroup = mydomain                        # short domain name
   realm = MYDOMAIN.COM                        # Kerberos realm, see below; should be caps
   server string = Test Server                 # description-type field for the server
   security = ads                              # I want Active Directory Service (security?)
   password server = 192.168.2.6 192.168.2.7   # my PDC, BDC
   template primary group = mycompany          # pre-configured group I want as primary
   template homedir = /home/%U                 # for use with pam_mkhomedir, so the parent has to
                                               # exist. /home/%D/%U will create /home/mydomain/username
   template shell = /bin/bash                  # shell I want them to start up
   winbind use default domain = yes            # this is supposed to keep you from having to log on
                                               # as mydomain\username but can just do username
                                               # not working for me yet....
   hosts allow = 192.168.2., 192.168.4., 127.  # not required but I want to control what subnets
                                               # can log on

[netlogon]                                     # I uncommented this section, not sure if it was necessary


3. Run testparm to make sure it likes the edited file. The FAQ says to restart the services, but step 4 requires
 a reboot.

4. Add

session     required      /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=077

 above

session     required      /lib/security/$ISA/pam_limits.so

in the /etc/pam.d/system-auth file. skel=/etc/skel points to the default files that populate the new home directory.

5. Run

   wbinfo --set-auth-user myuser

It will prompt for the password; the password echoes on screen and is stored unencrypted.

6. Reboot and test.

Sources:
Red Hat FAQ
# 5851 (but change '= DOMAIN' to '= ads')
# 5787
# 5402
# 4760

Might also want to read:
# 918
Red Hat docs, install guide 11.6, "User authentication with PAM"
# 6047
man page for smb.conf
# 5532
# 5492
# 5402


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
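The post's steps 1 and 2 both hinge on the Kerberos realm being spelled consistently and in upper case in smb.conf and krb5.conf, and the krb5.conf as first posted declared the realm twice, once as MYDOMAIN.com and once as MYDOMAIN.COM. The script below is an added example, not something from the original post or from the Samba project: it lints an smb.conf / krb5.conf pair for exactly those mistakes before you run `net ads join`. The two sample config pairs are constructed inline for the example (the parameter names are the real Samba and MIT Kerberos ones, the values are made up), so it runs offline; to lint real files, pass `"$(cat /etc/samba/smb.conf)" "$(cat /etc/krb5.conf)"` to `lint`.

```shell
#!/bin/sh
# Added example: lint an smb.conf / krb5.conf pair for the realm and
# security settings that commonly break a "security = ads" setup.
# Config contents below are constructed for this example, not taken
# from a real host.

# Constructed smb.conf with the realm in the wrong case.
BAD_SMB_CONF='[global]
   workgroup = mydomain
   realm = mydomain.com        # should be upper case
   security = ads
   password server = 192.168.2.6 192.168.2.7
   template homedir = /home/%D/%U
   template shell = /bin/bash
   winbind use default domain = yes'

# The same file with the realm fixed.
GOOD_SMB_CONF=$(printf '%s\n' "$BAD_SMB_CONF" | sed 's/realm = mydomain.com/realm = MYDOMAIN.COM/')

# Constructed krb5.conf that declares the realm twice, differing only in
# case. Kerberos realm names are case-sensitive, so these are two realms.
BAD_KRB5_CONF='[libdefaults]
default_realm = MYDOMAIN.com
dns_lookup_kdc = false
[realms]
MYDOMAIN.com = {
 kdc = 192.168.2.6:88
}
MYDOMAIN.COM = {
 kdc = 192.168.2.6
 kdc = 192.168.2.7
}'

# The same file with a single, upper-case realm.
GOOD_KRB5_CONF='[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_kdc = false
[realms]
MYDOMAIN.COM = {
 kdc = 192.168.2.6:88
 kdc = 192.168.2.7:88
}'

# param CONTENT NAME: print the value of the first "NAME = value" line,
# with any trailing "# comment" and whitespace stripped.
param() {
    printf '%s\n' "$1" \
      | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" \
      | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' \
      | head -n 1
}

# realm_stanzas CONTENT: print the realm names opened with "NAME = {".
realm_stanzas() {
    printf '%s\n' "$1" \
      | sed -n 's/^[[:space:]]*\([^[:space:]=]*\)[[:space:]]*=[[:space:]]*{.*/\1/p'
}

upper() { tr '[:lower:]' '[:upper:]'; }

# lint SMB_CONTENT KRB5_CONTENT: print one line per problem; exit 0 only if clean.
lint() {
    smb=$1; krb5=$2; problems=0
    smb_realm=$(param "$smb" realm)
    krb5_realm=$(param "$krb5" default_realm)

    if [ "$(param "$smb" security)" != "ads" ]; then
        echo "smb.conf: security must be 'ads' for an AD join"; problems=$((problems+1))
    fi
    if [ "$smb_realm" != "$(echo "$smb_realm" | upper)" ]; then
        echo "smb.conf: realm '$smb_realm' must be upper case"; problems=$((problems+1))
    fi
    if [ "$krb5_realm" != "$(echo "$krb5_realm" | upper)" ]; then
        echo "krb5.conf: default_realm '$krb5_realm' must be upper case"; problems=$((problems+1))
    fi
    if [ "$smb_realm" != "$krb5_realm" ]; then
        echo "realm mismatch: smb.conf '$smb_realm' vs krb5.conf '$krb5_realm'"; problems=$((problems+1))
    fi
    # Two stanzas that differ only in case are two distinct realms to Kerberos.
    distinct=$(realm_stanzas "$krb5" | sort -u | wc -l | tr -d ' ')
    folded=$(realm_stanzas "$krb5" | upper | sort -u | wc -l | tr -d ' ')
    if [ "$distinct" -ne "$folded" ]; then
        echo "krb5.conf: [realms] declares the same realm with different case"; problems=$((problems+1))
    fi
    case "$(param "$smb" 'template homedir')" in
        */%U) ;;
        *) echo "smb.conf: template homedir should end in /%U for pam_mkhomedir"; problems=$((problems+1)) ;;
    esac
    [ "$problems" -eq 0 ]
}

# Usage: the constructed bad pair reports problems, the fixed pair is clean.
lint "$BAD_SMB_CONF" "$BAD_KRB5_CONF" || echo "bad pair: problems found (expected)"
lint "$GOOD_SMB_CONF" "$GOOD_KRB5_CONF" && echo "good pair: clean"
```

The checks are deliberately limited to what the post itself touches (realm spelling and case, `security = ads`, a per-user `template homedir`); a clean result means the two files agree, not that the join will succeed, so still follow it with `net ads join` and `wbinfo -t`.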
