Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34

Thread: Active Directory Authentication

  1. #1
    Join Date
    Aug 2009
    Location
    United States
    Posts
    288

    Default Active Directory Authentication

    Hello,

    I am trying to connect my openSuSE 13.1 machine to my Windows Server 2012 R2 AD server. I have already set everything up, and the machine is found as a computer on the server, so I know that it connected to the server properly. When I go to log in, I select my domain from the list on the login screen, type in my username and password. When I try to log in, I get the message "login failed". I can still contact the server with my Windows Clients, so I know that the ADDS Server is still running properly. I also know it is not the firewall because I temporarily disabled it to make sure. I get the same message with it off as I do with it on.

    Does anyone have any ideas as to what could be causing this?

    Thank you,

    Allen Howard
    Allen Howard
    Comptia A+, Network+, CCENT, and IT for Sales Certified Technician
    ____________________________________________________

  2. #2
    Join Date
    Jun 2008
    Location
    West Yorkshire, UK
    Posts
    3,319

    Default Re: Active Directory Authentication

    When you say you have 'set everything up,' does that include Samba? Are you sure that you are sending the login details in the encoding Windows expects?

  3. #3
    Join Date
    Aug 2009
    Location
    United States
    Posts
    288

    Default Re: Active Directory Authentication

    Quote Originally Posted by john_hudson View Post
    When you say you have 'set everything up,' does that include Samba? Are you sure that you are sending the login details in the encoding Windows expects?
    I used the YaST tools to set up the domain integration... I was under the assumption that it set everything up for the integration correctly. I have seen some articles online that just show the YaST configuration. Is there something else I have to do besides using the Windows Domain Membership applet in YaST?

    Thank you,
    Allen Howard
    Comptia A+, Network+, CCENT, and IT for Sales Certified Technician
    ____________________________________________________

  4. #4
    Join Date
    Sep 2012
    Location
    Canada
    Posts
    112

    Default Re: Active Directory Authentication

    Hi varder95,

    Quote Originally Posted by varder95
    When I try to log in, I get the message "login failed". I can still contact the server with my Windows Clients, so I know that the ADDS Server is still running properly. I also know it is not the firewall because I temporarily disabled it to make sure. I get the same message with it off as I do with it on.
    It reminds me issues I had with NT4 domains and openSUSE because nmb wasn't up and running at boot. But as you are using an AD domain you shouldn't need NetBIOS name resolving to locate the domain controller. So, I suspect a bad value for the security global parameter in the smb.conf configuration file of the openSUSE box.

    Quote Originally Posted by varder95
    I used the YaST tools to set up the domain integration... I was under the assumption that it set everything up for the integration correctly. I have seen some articles online that just show the YaST configuration. Is there something else I have to do besides using the Windows Domain Membership applet in YaST?
    I fear that YaST tools set up a NT4 domain membership, not an AD domain membership. To be sure, you should check the smb.conf of the openSUSE box. An AD domain membership must have the global parameter security set to ads. If it's set to domain, your openSUSE box is configured for a good old NT4 domain.
    Kalten

  5. #5
    Join Date
    Aug 2009
    Location
    United States
    Posts
    288

    Default Re: Active Directory Authentication

    Hi Kalten,

    Thank you for your response. I just verified that the security is set to ADS. I just verified that the openSUSE machine can find the domain controller using ping, and it can find it without a problem.

    Thank you again,
    Allen Howard
    Comptia A+, Network+, CCENT, and IT for Sales Certified Technician
    ____________________________________________________

  6. #6
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    16,293

    Default Re: Active Directory Authentication

    On Sun, 15 Dec 2013 16:36:02 +0000, vader95 wrote:

    > Hi Kalten,
    >
    > Thank you for your response. I just verified that the security is set
    > to ADS. I just verified that the openSUSE machine can find the domain
    > controller using ping, and it can find it without a problem.


    Make sure the time is in sync. AD's Kerberos (and Kerberos in general)
    requires the time be set properly, or the authentication won't succeed.

    You might also check the server's logs to see if there's any indication
    of what went wrong.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  7. #7
    Join Date
    Aug 2009
    Location
    United States
    Posts
    288

    Default Re: Active Directory Authentication

    I made sure the time was in sync, and it was. I also checked the error logs on the server and nothing is showing as a problem. I don't even see any attempted logons from the openSUSE machine. In fact, the only error that exists is that the AD server can't replicate to my backup server (which is to be expected as my backup server is offline for maintenance right now). To me, it doesn't seem like there is enough time for the openSUSE machine to even try to get to the server. As soon as I hit enter, it says logon failed. I know the user name and password are good on the network, I am using them right now on the Windows machine I am using. I selected the domain (HCR) from the list, but I'm wondering if it isn't actually trying to use the domain.

    Thank you all for your help so far.
    Allen Howard
    Comptia A+, Network+, CCENT, and IT for Sales Certified Technician
    ____________________________________________________

  8. #8
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    16,293

    Default Re: Active Directory Authentication

    On Sun, 15 Dec 2013 19:16:02 +0000, vader95 wrote:

    > I made sure the time was in sync, and it was. I also checked the error
    > logs on the server and nothing is showing as a problem. I don't even
    > see any attempted logons from the openSUSE machine. In fact, the only
    > error that exists is that the AD server can't replicate to my backup
    > server (which is to be expected as my backup server is offline for
    > maintenance right now). To me, it doesn't seem like there is enough
    > time for the openSUSE machine to even try to get to the server. As soon
    > as I hit enter, it says logon failed. I know the user name and password
    > are good on the network, I am using them right now on the Windows
    > machine I am using. I selected the domain (HCR) from the list, but I'm
    > wondering if it isn't actually trying to use the domain.
    >
    > Thank you all for your help so far.


    Maybe try tracing the connection with wireshark to see what's going on on
    the wire.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Active Directory Authentication

    On 2013-12-14 18:26, vader95 wrote:
    > Does anyone have any ideas as to what could be causing this?


    There is a note about AD in the release notes. AD support was removed
    from SAMBA:

    +++······················
    5.3. Samba Version 4.1

    Samba version 4.1 shipped with openSUSE 13.1 does not include support to
    operate as an Active Directory style domain controller. This
    functionality is currently disabled, as it lacks integration with
    system-wide MIT Kerberos.
    ······················++-

    But you are not setting up a domain controller, but a client.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)

  10. #10
    Join Date
    Aug 2009
    Location
    United States
    Posts
    288

    Default Re: Active Directory Authentication

    Quote Originally Posted by hendersj
    Maybe try tracing the connection with wireshark to see what's going on on
    the wire.
    I hadn't used wireshark in over a year, thanks for the idea. Unfortunately, I can see no traffic coming out the openSUSE box from trying to log in. I did see a bunch of ARP requests trying to reach my backup domain controller, so I finished the maintenance on it and brought it back online. No change for the login attempt, though. That is really weird

    Quote Originally Posted by robin_listas
    There is a note about AD in the release notes. AD support was removed
    from SAMBA
    Do you think this is causing the issue? I was under the impression that since it was just a client, everything would work without problems. The server is hosted on a Windows Server 2012 R2 (first domain controller and GC) and a Windows Server 2008 machine (Secondary and GC).

    Thank you,
    Allen Howard
    Comptia A+, Network+, CCENT, and IT for Sales Certified Technician
    ____________________________________________________

Page 1 of 4 123 ... LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •