Linux - Enterprise
This forum is for all items relating to using Linux in the Enterprise.
I have a Windows 2003 Active Directory domain that I am trying to set up a Linux file server within (using Red Hat Enterprise AS 3).
First, here's what I'm trying to do: I am trying to set it so that users who have authenticated to the domain can access the samba shares based on their domain authentication alone, without having to put a separate password in to access the share, so it will appear as though it's just another Windows share.
I have the Linux file server configured with Samba and Kerberos and joined to the domain (Active Directory is recognizing the server connected to the domain). I can use kinit and authenticate, net ads join and join the domain. wbinfo -u and -g show me the domain users and groups (in addition to the local users). getent passwd and getent group are showing me domain users as well.
Now, when my Windows machine, authenticated to the domain, attempts to access one of the shares, I get one of the two following errors in the Samba log (and a box asking for username/pw in Windows):
* Failed to verify incoming ticket!
* User Domain\user does not exist on this system
--Domain\user does exist on the domain and shows in both wbinfo and getent
I have verified that the Kerberos server's time and the Samba server's time are within seconds of each other.
I'm not sure what else could be the problem. Any thoughts?
The best implementation I've seen only allows Samba to interact at the 2000 functional level (works best at the NT level), and I haven't looked at the architecture of 2003 to know if any more security features were implemented in that functional level. My bet is that your current functional level is what is going to cause errors, but that is only a guess at this point. 2000 didn't allow the functional level to be lowered if I remember correctly, so I don't see why they'd let it happen in 2003.
Well, in monkeying around a bit more I've discovered this:
getent group "DOMAIN1\Domain Users"
This returns a valid listing of users from the Domain Users group on Domain1 (separate from the domain the servers are on).
getent group "DOMAIN2\Domain Users"
This returns nothing. This is the domain that the servers are all on...
Oh, and no, you cannot lower your domain level in 2003.