Thread: Suse Authentication in Windows 2008 Active Directory

  1. #1

    Suse Authentication in Windows 2008 Active Directory

    Hello,

    I am trying to set up a network with a Windows 2008 Server using AD. I'm trying to authenticate in Suse with a Windows username (username@windowsad...). For it to work, I have to have the user created both in the Windows AD and in Linux; it shouldn't have to be like this, I think.

    I gave each a different password and I'm logging in with the Windows password, so I know it is getting information from the AD, but it takes forever to log in, around 5 minutes, and this error keeps popping up meanwhile:

    Apr 2 18:33:15 Susy sshd[3839]: nss_ldap: failed to bind to LDAP server ldap:// 10.154.59.51: Invalid credentials
    Apr 2 18:33:15 Susy sshd[3839]: nss_ldap: failed to bind to LDAP server ldap:// windowsad-dc.windows-ad.testes.loc/: Invalid credentials
    Apr 2 18:33:15 Susy sshd[3839]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...

    I'm using Kerberos alongside LDAP.


    Any idea what is going on???

    Thank you!

  2. #2

    Re: Suse Authentication in Windows 2008 Active Directory

    Can you give me the configuration of your /etc/krb.conf?

  3. #3

    Re: Suse Authentication in Windows 2008 Active Directory

    Here it goes (krb5.conf):


    [libdefaults]
    default_realm = WINDOWS-AD.TESTES.LOC
    clockskew = 300
    # default_realm = EXAMPLE.COM

    [realms]
    WINDOWS-AD.TESTES.LOC = {
    kdc = WINDOWSAD-DC.windows-ad.testes.loc
    default_domain = WINDOWS-AD.TESTES.LOC
    admin_server = WINDOWSAD-DC.windows-ad.testes.loc
    }
    .windows-ad.testes.loc = {
    kdc = 10.154.59.51
    default_domain = windows-ad.testes.loc
    admin_server = 10.154.59.51
    }





    # EXAMPLE.COM = {
    # kdc = kerberos.example.com
    # admin_server = kerberos.example.com
    # }

    [logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON

    [appdefaults]
    pam = {
    ticket_lifetime = 1d
    renew_lifetime = 1d
    forwardable = true
    proxiable = false
    minimum_uid = 1
    clockskew = 300
    external = sshd
    use_shmem = sshd
    addressless = false
    debug = false
    debug_sensitive = false
    existing_ticket = false
    initial_prompt = false
    subsequent_prompt = false
    validate = false
    }

    [domain_realm]
    .windows-ad.testes.loc = .windows-ad.testes.loc
    .WINDOWS-AD.TESTES.LOC = WINDOWS-AD.TESTES.LOC




    Thanks!

  4. #4

    Re: Suse Authentication in Windows 2008 Active Directory

    Normally, you don't have to create each user on both the Linux and Windows machines. Judging from your krb5.conf, the settings are OK. Linux operating systems use the winbind service to authenticate with the AD machine. In your /etc/nsswitch.conf, you should have something like this:

    passwd: files compact winbind
    group: files compact winbind

    1. winbind and samba services should be running.
    #/etc/init.d/winbind status or /etc/init.d/smb status

    2. Make sure you activate the Kerberos client by going to YaST Control Centre -> Network Services -> Kerberos Client. Choose use kerberos client.

    3. After you activate the Kerberos client, test the Kerberos installation:
    # kinit administrator
    4. Key in your AD administrator password.

    5. The Linux machine should join the Windows domain account:
    # net ads join -U administrator

    6. Test that Samba is communicating with the Active Directory domain by checking whether winbind is enumerating users and groups.
    # wbinfo -t (it should respond with 'checking the trust secret via RPC calls succeeded')

    7. Test whether we are authenticating against Windows Active Directory:
    # wbinfo -u

    8. If you need the configuration in /etc/samba/smb.conf, please let me know.

  5. #5

    Re: Suse Authentication in Windows 2008 Active Directory

    On Sat, 2009-04-11 at 02:26 +0000, mahadzar81 wrote:
    > Normally, you don't have to create each user on both linux and windows
    > machine. As from your krb5.conf, the setting is ok. Linux Operating
    > system use winbind services to authenticate with AD machine. In your
    > /etc/nsswitch.conf,you should have something like this
    >
    > passwd: files compact winbind
    > group: files compact winbind


    Probably should be compat instead of compact, right?



  6. #6

    Re: Suse Authentication in Windows 2008 Active Directory

    yup..i think so..
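
The nsswitch.conf lines suggested in post #4, and the compat/compact correction in posts #5 and #6, can be checked mechanically. The following is an added example, not part of the original thread: the function names and the `KNOWN` allowlist of NSS module names are assumptions chosen for illustration, and the allowlist is not exhaustive.

```shell
#!/bin/sh
# Added example: lint the passwd/group lines of an nsswitch.conf-style file.
# KNOWN is an assumed allowlist of commonly shipped NSS module names.
KNOWN="files compat db nis nisplus ldap winbind sss systemd hesiod"

# Print "<database>: <source>" for every passwd/group source not in KNOWN.
# Comments and bracketed actions such as [NOTFOUND=return] are ignored.
nss_unknown_sources() {
    file=$1
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$file" |
    while read -r db sources; do
        case $db in
            passwd:|group:) ;;
            *) continue ;;
        esac
        for src in $sources; do
            case " $KNOWN " in
                *" $src "*) ;;
                *) echo "${db%:}: $src" ;;
            esac
        done
    done
}

# Succeed only if both the passwd and group databases list winbind.
nss_has_winbind() {
    file=$1
    for db in passwd group; do
        sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$file" |
            grep -Eq "^[[:space:]]*$db:.*[[:space:]]winbind([[:space:]]|\$)" ||
            return 1
    done
    return 0
}
```

Run against a file containing the lines exactly as written in post #4, `nss_unknown_sources` reports `compact` for both databases. glibc treats a source whose module cannot be loaded as unavailable and moves on to the next one, so a misspelled source does not announce itself at login time.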
