I just figured out I am going about this all wrong.
Totally confused. My goal is to authenticate Linux against Active Directory
as a member file server in an existing ADS network.
I shut down the LDAP server since it is not necessary.
I started following this tut, Authenticating Linux against Active Directory.
However I am getting this and I'm stuck again.
Getting this error:
INSCSUSE:~ # kinit bill
kinit(v5): Cannot resolve network address for KDC in realm INSC.LOCAL while getting initial credentials
Funny, I went into YaST Samba Windows membership and was able to add the server to the domain.
But I can't log into it with any domain users.
Have a hunch it is because of the missing pam_unix2.conf file, which is not in the /etc/security directory where the tut said it should be. Please, anyone know why or how to fix this? :'(
Open YaST and search for pam. Ensure that everything is installed properly. One thing: I noticed you said that you were manually editing the pam conf files. If you go through, set up the NTP client, then set up the krb5 client, and then join the domain, the only file I can think that you might want to edit at all would be the pam_mount.xml file or the smb.conf file to get rid of the %D variable. I never have to edit the pam files directly anymore. YaST usually takes care of it for me.
I edited the Kerberos file directly, because I couldn't find the Kerberos client in YaST; not the pam, because
it wasn't there. I am brand new to this; the only thing I know is what the tutorial told me. What do you mean by look for pam in YaST? A pam client? Or search for an rpm and install it if it is not there?
Also, in smb.conf is there anything I should
add? I remember changing workgroup = INSC.local to
Domain = INSC.local manually. Which one should it be, and does that make a difference? Do I need to manually add any winbind statements? Need some guidance here.
I am lost.
Update on situation.
Found the Kerberos client tool in YaST.
Checked off "use Kerberos".
Clicked OK. Said it was installing pam.
After that, still no pam_unix2.conf file in /etc/security.
Even though the domain is visible in KDE,
same effect if I pick the domain and a domain user:
it fails to authenticate. But under Windows domain membership it seems to be a member of the domain. I can only click leave. When I tried to leave I got this error:
failed to leave domain: failed to disable machine account via rpc: NT_STATUS_NONE_MAPPED. Will search around in YaST for pam, or pam rpms. Somebody help, hope editing krb5.conf
by hand originally didn't cause this. >:(
Update: went into LDAP client config, put in my DC as the LDAP server, dc=Insc.local com=local.
Then went back to domain membership and my server is no longer a member of the domain.
Tried to add it and got: Failed to join domain: failed to connect to AD: Cannot resolve network address for KDC in requested realm. Heeeelp! >:(
No, scratch that, tried a second time and now it says it joined successfully.
Have to walk over now again to see if I can get into the server locally with any domain accounts.
Update again: didn't walk over, but it seems that I have the permissions on the AD network of the user I added the Linux box with, because I can browse all the resources that belong to my user. The only question now is how do I assign permissions on shares I create on my Linux server to current Active Directory users in the INSC.LOCAL domain?
Update again.
For some strange reason, even though the domain
name shows up on the KDE login screen at the server,
authentication fails there. I mean interactively.
Also, if I fail to log in several times, KDE freezes and I am forced to reboot. Also it freezes every time I log off. I added the server as a regular user and not administrator. Not sure if that has anything to do with it.
However, if I log in locally, the Windows domain membership in YaST has me in INSC.LOCAL, and I can view all the servers and directories that the user I used to add the Linux server to the AD had. I might be able to work around this, but it doesn't make any sense. What I need
is a way to assign AD users rights to my Linux shares.
Optionally, it would probably be a good thing to be able to log in interactively. I don't have an LDAP server running on the Linux server. Although I did configure it, I shut it off. I am using LDAP as my backend.
After configuring the Samba client and Kerberos client I was able to add the server. Do I need to run an LDAP server to share my Linux shares?
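As an added example (not code from this thread, nor from openSUSE, YaST or Samba), here is a small POSIX sh script that ties together three of the questions above: why kinit reports that it cannot resolve a KDC address for INSC.LOCAL, what belongs in workgroup versus realm in smb.conf, and how a share is granted to Active Directory users instead of local ones. It writes constructed copies of krb5.conf and smb.conf into a temporary directory and checks them offline. The realm INSC.LOCAL comes from the thread; the DC name dc1.insc.local, the idmap ranges and the projects share are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks of the two config files
# behind the errors above. Realm INSC.LOCAL is from the thread; dc1.insc.local
# and the share name/path are constructed placeholders.
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT
# Constructed krb5.conf reproducing the kinit failure: the realm lists no KDC
# and DNS SRV lookup is off, so the client has no address to resolve.
cat >"$WORK/krb5.broken.conf" <<'EOF'
[libdefaults]
    default_realm = INSC.LOCAL
    dns_lookup_kdc = false
[realms]
    INSC.LOCAL = {
    }
EOF

# Constructed krb5.conf with the fix: name the DC as KDC and/or let the client
# find it through the _kerberos._tcp SRV records Active Directory publishes.
cat >"$WORK/krb5.fixed.conf" <<'EOF'
[libdefaults]
    default_realm = INSC.LOCAL
    dns_lookup_kdc = true
[realms]
    INSC.LOCAL = {
        kdc = dc1.insc.local
    }
EOF

# Constructed smb.conf mirroring the thread's edit: DNS name in 'workgroup', no 'realm', 'security' not ads.
cat >"$WORK/smb.broken.conf" <<'EOF'
[global]
    workgroup = INSC.local
    security = user
EOF

# Constructed smb.conf for an AD member: NetBIOS name in 'workgroup', Kerberos
# realm in 'realm', winbind id mapping, and a share granted to an AD group.
cat >"$WORK/smb.fixed.conf" <<'EOF'
[global]
    workgroup = INSC
    realm = INSC.LOCAL
    security = ads
    idmap config * : backend = tdb
    idmap config * : range = 10000-19999
    idmap config INSC : backend = rid
    idmap config INSC : range = 100000-999999
[projects]
    path = /srv/samba/projects
    read only = no
    valid users = @"INSC\Domain Users"
EOF

# Explicit kdc hosts listed for a realm in a krb5.conf ($1=file $2=realm).
krb5_kdcs() {
    awk -v realm="$2" '
        /^\[/ { section = $0 }
        section == "[realms]" && $1 == realm && $2 == "=" { inside = 1; next }
        inside && /^[ \t]*}/ { inside = 0 }
        inside && $1 == "kdc" && $2 == "=" { print $3 }' "$1"
}

# How the client would locate a KDC: explicit, dns, or unresolvable (MIT krb5 treats an unset dns_lookup_kdc as true).
krb5_kdc_status() {
    dns="$(awk '$1 == "dns_lookup_kdc" && $2 == "=" { v = tolower($3) }
                END { print (v == "" ? "true" : v) }' "$1")"
    if [ -n "$(krb5_kdcs "$1" "$2")" ]; then echo explicit
    elif [ "$dns" = true ]; then echo dns
    else echo unresolvable; fi
}

# One parameter from one smb.conf section ($1=file $2=section $3=key).
smb_value() {
    awk -v sec="[$2]" -v key="$(printf '%s' "$3" | tr 'A-Z' 'a-z')" '
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]+/, "", s); next }
        s == sec && (n = index($0, "=")) > 0 {
            k = tolower(substr($0, 1, n - 1)); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# One line per [global] problem for a domain member; silent when it looks right.
smb_ads_check() {
    sec="$(smb_value "$1" global security | tr 'A-Z' 'a-z')"
    [ "$sec" = ads ] || echo "security must be ads (got '${sec:-unset}')"
    [ -n "$(smb_value "$1" global realm)" ] || echo "realm is unset; use the Kerberos realm, e.g. INSC.LOCAL"
    case "$(smb_value "$1" global workgroup)" in
        "") echo "workgroup is unset; use the short NetBIOS domain name" ;;
        *.*) echo "workgroup is a DNS name; use the NetBIOS name and put the DNS name in realm" ;;
    esac
}

for f in broken fixed; do
    echo "krb5.$f.conf: KDC lookup $(krb5_kdc_status "$WORK/krb5.$f.conf" INSC.LOCAL)"
    echo "smb.$f.conf: $(smb_ads_check "$WORK/smb.$f.conf" | tr '\n' ';')"
done
echo "projects share admits: $(smb_value "$WORK/smb.fixed.conf" projects 'valid users')"
```

The kinit message in the thread is what the "unresolvable" case produces: the realm stanza lists no kdc and the client either has DNS lookup disabled or cannot resolve the _kerberos._tcp.INSC.LOCAL SRV records, which on a member server usually means it is not using the AD DNS servers. In smb.conf the short NetBIOS name goes in workgroup and the DNS name in realm, not a made-up Domain parameter. With security = ads and winbind running, an AD group such as INSC\Domain Users can be named directly in valid users and in filesystem ACLs on the share path; no LDAP server on the member server is needed for that.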