LinuxQuestions.org
Old 04-10-2013, 10:31 AM   #1
irreverentryan
Member
 
Registered: Jan 2013
Posts: 32

Can auth to AD with GUI login, but not CLI login.


I'm assuming both should work... but I can only log in as an AD user in the GUI; it fails in the CLI.

Code:
[root@XXXX-FS01 ~]# wbinfo -u
guest
administrator
krbtgt
superadmin
sqladmin
corey
gfiadmin
ryan
randy
matt
rhevmadmin
Code:
[root@XXXX-FS01 ~]# wbinfo -g
domain computers
cert publishers
domain guests
ras and ias servers
domain admins
schema admins
enterprise admins
group policy creator owners
allowed rodc password replication group
denied rodc password replication group
enterprise read-only domain controllers
domain controllers
read-only domain controllers
domain users
dnsadmins
dnsupdateproxy
sqlserver2005mssqluser$xxxx-dc02$microsoft##ssee
sqlserver2005msfteuser$xxxx-dc02$microsoft##ssee
wsus reporters
wsus administrators
kladmins
kloperators
/etc/nsswitch.conf
Code:
passwd:     files winbind
shadow:     files winbind
group:      files winbind
/etc/krb5.conf
Code:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = XXXX.DOMAIN
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes

[realms]
XXXX.DOMAIN = {
kdc = xxxx-dc01.xxxx.domain
admin_server = xxxx-dc01.mmci.domain
default_domain = xxxx.domain
}

[domain_realm]
.mmci.domain = XXXX.DOMAIN
mmci.domain = XXXX.DOMAIN

[appdefaults]
pam = {
debug = false
ticket_lifetime = 360000
renew_lifetime = 360000
forwardable = true
krb4_convert = false
}
/etc/hosts
Code:
127.0.0.1   xxxx-fs01.xxxx.domain xxxx-fs01
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.x.35	xxxx-dc01.mmci.comain	xxxx-dc01
192.168.x.36	xxxx-dc02.mmci.domain	xxxx-dc02
192.168.x.40	xxxx-fs01.mmci.domain	xxxx-fs01
/etc/samba/smb.conf
Code:
[global]
workgroup = XXXX
realm = XXXX.DOMAIN
server string = Samba Server Version %v
preferred master = no

password encrypted = yes
password server = xxxx-dc01.xxxx.domain
security = ads

log level = 3
log file = /var/log/samba/%m
max log size = 50

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

template shell = /bin/bash
winbind use default domain = yes
winbind offline logon = true
#  winbind separator = +#
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
passdb backend = tdbsam

load printers = yes
printing = cups
I am pretty unfamiliar with PAM and am assuming something is wrong there, but I'm not sure which control file to edit, and/or how.

My ultimate goal is to build a file server that houses Active Directory Users' homedirs and department shares, using AD user and group permissions.

Thanks in advance for any advice!

Last edited by irreverentryan; 04-10-2013 at 10:33 AM.
 
Old 04-10-2013, 07:10 PM   #2
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

What OS are you using?

You should have a look at the /etc/pam.d/sshd file.

--C
 
Old 04-11-2013, 08:07 AM   #3
irreverentryan
Member
 
Registered: Jan 2013
Posts: 32

Original Poster
Hi Custangro, thanks!

I'm using RHEL 6.4 x64. I'll take a look at it, thanks!
 
Old 04-28-2013, 05:30 PM   #4
gdizzle
Member
 
Registered: Jul 2012
Posts: 205

Enable Kerberos for SSH:

Code:
# In /etc/ssh/sshd_config:
KerberosAuthentication yes

# Then restart sshd so the change takes effect:
service sshd restart
To view issues logging in:

Code:
tail -f /var/log/secure
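
The replies above point at /etc/pam.d/sshd and sshd_config. As an added example (not code from any poster in this thread), the script below lists which modules each PAM service's auth stack actually reaches, following include and substack lines, so a GUI path that calls pam_winbind.so can be compared with an SSH path that does not. The sample files, the gdm/system-auth/password-auth layout and the function names are constructed assumptions; point the functions at a real /etc/pam.d and /etc/ssh/sshd_config to check a live host.

```shell
#!/bin/sh
# Print the modules one PAM service runs for a management group (default: auth),
# following "include"/"substack" lines into the files they name.
pam_modules() (   # usage: pam_modules <pam.d dir> <service> [type] [depth]
    dir=$1 svc=$2 type=${3:-auth} depth=${4:-0}
    [ "$depth" -lt 8 ] || exit 0                   # guard against include loops
    [ -r "$dir/$svc" ] || { echo "MISSING:$svc"; exit 0; }
    # Collapse "[success=1 default=ignore]" to one token so the fields line up.
    sed 's/\[[^]]*]/[ctl]/' "$dir/$svc" |
    while read -r t control mod rest; do
        t=${t#-}                                   # "-auth" marks an optional module
        [ "$t" = "$type" ] || continue             # skips other types, comments, blanks
        case $control in
            include|substack) pam_modules "$dir" "$mod" "$type" $((depth + 1)) ;;
            *) echo "${mod##*/}" ;;                # drop any directory prefix
        esac
    done
)

# Exit 0 if <service>'s auth stack reaches <module>.
pam_uses() { pam_modules "$1" "$2" auth | grep -qxF "$3"; }

# Value of an sshd_config keyword; sshd uses the first occurrence it reads.
sshd_option() { awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"; }

# Constructed sample (not the poster's files): the GUI path includes a stack
# that calls pam_winbind.so, the SSH path includes one that does not.
make_sample() {
    mkdir -p "$1/pam.d"
    printf '%s\n' 'auth required pam_env.so' 'auth sufficient pam_unix.so nullok' \
        'auth sufficient pam_winbind.so use_first_pass' 'auth required pam_deny.so' \
        'account required pam_unix.so' > "$1/pam.d/system-auth"
    printf '%s\n' 'auth required pam_env.so' 'auth sufficient pam_unix.so nullok' \
        'auth required pam_deny.so' > "$1/pam.d/password-auth"
    printf '%s\n' '#%PAM-1.0' 'auth [success=done default=bad] pam_selinux_permit.so' \
        'auth substack system-auth' > "$1/pam.d/gdm"
    printf '%s\n' '#%PAM-1.0' 'auth required pam_sepermit.so' \
        'auth include password-auth' 'account required pam_nologin.so' > "$1/pam.d/sshd"
    printf '%s\n' '#KerberosAuthentication no' 'UsePAM yes' > "$1/sshd_config"
}

root=$(mktemp -d) && make_sample "$root"
for svc in gdm sshd; do
    if pam_uses "$root/pam.d" "$svc" pam_winbind.so; then state=yes; else state=no; fi
    echo "$svc: pam_winbind.so in auth stack: $state"
done
echo "sshd UsePAM=$(sshd_option "$root/sshd_config" UsePAM)"
```

sshd only consults the PAM stack when UsePAM is yes, so that value is worth reading alongside the module list.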
 
  

