How to set up SuSE Linux authentication to use Active Directory
1) From the Linux desktop, start YaST
2) Select [Networking Services]
a. Select [Kerberos Client]
i. Select radio button [Use Kerberos]
ii. Basic Kerberos Settings
1. Default Domain: YOURDOMAIN.COM
2. Default Realm: YOURDOMAIN.COM
3. KDC Server Address: windowsdc.yourdomain.com
4. CLICK [Finish]
(this dialog will modify /etc/krb5.conf)
3) From a command prompt
a. kinit userid (where userid is your 5 digit network id)
You will be prompted for your password
e.g.
12345@YOURDOMAIN.COM's Password:
The response will be:
kinit: NOTICE: ticket renewable lifetime is 1 week
4) Once you have verified that the Kerberos client setup is working, you will need to tie the Linux login screen to Kerberos.
a. Edit the /etc/security/pam_unix2.conf file. Add the following lines:
auth: use_krb5 nullok
account: use_krb5
password: use_krb5 nullok
session: none
5) Add user manually to /etc/passwd (make sure you use a unique uid!!!!)
12345:x:1002:100:Joe Geeko:/home/12345:/bin/bash
6) Create user’s home directory
cp -R /etc/skel /home/12345
7) Change ownership to new user
chown -R 12345: /home/12345
8) You can now log out and log in with your new Active Directory credentials.
Note: the userids I use are numeric, and must be added manually to /etc/passwd. If you have userids that don't start with a numeric character, you will be able to use YaST or useradd.
I did not need to install winbind or samba. I also didn't need to do a net ads join.
These instructions are simply designed to allow you to use your AD user id to authenticate to Linux.
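
Step 5 depends on the new entry having a login and uid that nothing else in /etc/passwd already uses. The following is an added example, not part of the original instructions, that checks both before appending a line in the step 5 layout. The function names and the .bak rollback copy are assumptions made for this example.

```shell
#!/bin/sh
# Added example: refuse duplicate logins/UIDs before the manual edit in step 5.
# Rehearse on a copy of /etc/passwd first; the real file needs root.

# Print the lowest unused UID >= $2 (default 1000) in passwd file $1.
next_free_uid() {
    awk -F: -v want="${2:-1000}" '
        { used[$3 + 0] = 1 }
        END { while (want in used) want++; print want }
    ' "$1"
}

# Succeed (exit 0) if login $2 or UID $3 already appears in passwd file $1.
entry_conflicts() {
    awk -F: -v login="$2" -v uid="$3" '
        ($1 "") == (login "")                 { found = 1 }  # exact string match
        $3 ~ /^[0-9]+$/ && $3 + 0 == uid + 0  { found = 1 }  # 01002 equals 1002
        END { exit !found }
    ' "$1"
}

# Append login:x:uid:gid:gecos:/home/login:/bin/bash, the layout used in step 5.
add_ad_user() {
    file=$1 login=$2 uid=$3 gid=$4 gecos=$5
    nl='
'
    case $uid in ''|*[!0-9]*) echo "uid must be numeric" >&2; return 2 ;; esac
    case $gid in ''|*[!0-9]*) echo "gid must be numeric" >&2; return 2 ;; esac
    case "$login$gecos" in
        *:*|*"$nl"*) echo "':' and newlines would corrupt the entry" >&2; return 2 ;;
    esac
    [ -n "$login" ] || { echo "login is empty" >&2; return 2; }
    if entry_conflicts "$file" "$login" "$uid"; then
        echo "login $login or uid $uid already present in $file" >&2
        return 1
    fi
    cp -p "$file" "$file.bak" || return 3    # rollback copy (assumed name)
    printf '%s:x:%s:%s:%s:/home/%s:/bin/bash\n' \
        "$login" "$uid" "$gid" "$gecos" "$login" >> "$file"
}
```

Source the file, then call for example: add_ad_user /tmp/passwd.copy 12345 "$(next_free_uid /tmp/passwd.copy)" 100 "Joe Geeko"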