Authenticating using a Win 2008 AD

mikejreading · 01-07-2010, 06:19 PM

Hi guys,

Tried following someone elses instructions on how to set this up.. so far I have done the following:

Code:

Step 1: Install the Required Packages

Note: Enter Y when asked if you want to install the additional packages


apt-get install krb5-user
apt-get install winbind samba


Step 2: Edit the /etc/krb5.conf File
[logging]
    default = FILE10000:/var/log/krb5lib.log
[libdefaults]
    ticket_lifetime = 24000
    default_realm = ASSIGNMENT.LOCAL

[realms]
    ASSIGNMENT.LOCAL = {
        kdc = ASS-Server01-01.assignment.local
        admin_server = ASS-Server01-01.assignment.local
        default_domain = ASSIGNMENT.LOCAL
}
[domain_realm]
    .assignment.local = ASSIGNMENT.LOCAL
   assignment.local = ASSIGNMENT.LOCAL

Step 3: Edit /etc/samba/smb.conf
[global]
        security = ADS
        netbios name = ASS-Server01-01
        realm = ASSIGNMENT.LOCAL
        password server = ASS-Server01-01.assignment.local
        workgroup = ASSIGNMENT
        idmap uid = 500-10000000
        idmap gid = 500-10000000
        winbind separator = +
        winbind enum users = no
        winbind enum groups = no
        winbind use default domain = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        domain master = no

Step 4: Edit /etc/nsswitch.conf to look like the example below
passwd:         compat winbind
group:          compat winbind
shadow:         compat
hosts:          files dns wins
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

Step 5: Modify the PAM settings

1) /etc/pam.d/common-account should contain only the following lines
account sufficient	pam_winbind.so
account required		pam_unix.so

2) /etc/pam.d/common-auth should contain only the following lines
auth    sufficient      pam_winbind.so
auth    required        pam_unix.so nullok_secure use_first_pass

3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below
password   required   pam_unix.so nullok obscure min=4 max=50 md5

4) Make sure the /etc/pam.d/common-session file contains the following line
session required        pam_mkhomedir.so umask=0022 skel=/etc/skel

Step 6: Make a directory to hold domain user home directories
Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file

	Code:
	mkdir /home/ASSIGNMENT
Step 7: Initialize Kerberos
kinit Administrator@ASSIGNMENT.LOCAL

Step 8: Join the system
net ads join -U Administrator@ASSIGNMENT.LOCAL

And its then where I reach a problem... the error message I get is:

Code:

net ads join-U administrator
Enter Administrator's password:
[2010/01/08 00:15:02,   0] passdb/secrets.c:71(secrets_init)
    Failed to open /var/lib/samba/secrets.tdb
Failed to join domain: Unable to open secrets database

Any ideas?? Its driving me up the wall.

Thanks guys,
Mike

acid_kewpie · 01-08-2010, 12:40 PM

nothing to do with networking. Moved to Linux - Newbie.

mikejreading · 01-09-2010, 03:19 PM

Sorry... any help guys.. im still really stuggling!