Hello and thanks in advance for any help you might be.
We currently have about 40 Linux servers authenticating to a NIS domain and about 15 Windows systems authenticating to a Windows 2003 domain. For security reasons we would like to have the Linux systems authenticate to the Windows domain. This would also facilitate sharing files between the Windows and Linux boxes and allow us to have a single login to all systems.
I know that we can do this, the question I have is how do we make the Windows username and Linux username be the same?
Example: I have a username of thllgo on the Windows domain and share mount from Windows to a Linux box. Windows says the files belong to thllgo but the Linux side doesn't know the UID. My GID under Linux is 27142; my UID under Windows is 11113.
It would also be nice if we could coordinate the GIDs.
This talks about a successful setup of authenticating Linux servers in a W2K3 domain. I daresay the only way of organising the UID issue is by manually making them the same, a bit of a painful, time-consuming job. Maybe a script?
I seem to have gotten things working. Most of what I had to do was get the DC working correctly. All I had to do on Linux was run the authconfig utility and specify:
use winbind
use md5 passwords
use shadow passwords
use kerberos
local authorization is sufficient
the realm which is the full domain name
KDC, seems to have filled out itself
admin server FQDN
use DNS to resolve hosts to realm
Done.
The ugly part is the new UIDs and GIDs are not the same as the old ones, so I have to go around and change a lot of ownership issues and group issues. Yuk in a big way. Not hard, just time consuming.
I had similar issues with ownership when we went to a full LDAP authentication setup. Painful enough. However, for the future, I have found that if I set up the user in LDAP, and have the /home directory already mapped, the first time the user logs in the machine will create the home directory for them. Now, I know your situation is slightly different, using AD, but for adding users, create them in AD, then see if they can log in and whether or not their /home is created automatically? Saves a lot of work, and is a lot safer than what I think you are talking about!
That works for new users. I'm just bummed about the 30+ machines already set up in a NIS environment, with gobs of user files. I should be able to simply create a script that does a find on files with specific UIDs and does a chown on them. Same with GID. Survivable, just annoying.
To be honest, if all the files are stored more or less on one machine, I'd give it a go manually, simply to make sure I got them all. But then, users have a way of playing about, eh!
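The find-and-chown pass discussed above, as an added example that was not posted by anyone in the thread: it prints the planned changes by default, refuses a map where a new ID is also someone's old ID (which would re-own files twice), and never follows symlinks. The map file format and the function names `check_map` and `remap_ids` are assumptions made for this example.

```shell
#!/bin/sh
# Map file (format assumed for this example): "<u|g> <old_id> <new_id>" per line,
# e.g. "u 27142 11113" for the IDs quoted in the thread.

# check_map MAP: reject malformed lines and any ID that is both a source and a
# target; a later find pass would re-own files that were only just remapped.
check_map() {
    awk 'NF == 0 || /^#/ || (NF == 3 && $2 == $3) { next }
         NF != 3 || $1 !~ /^[ug]$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
             printf "map line %d is malformed\n", NR; bad = 1; next }
         { old[$1 " " $2] = 1; new[$1 " " $3] = 1 }
         END { for (k in new) if (k in old) {
                   printf "ID \"%s\" is both a source and a target\n", k; bad = 1 }
               exit bad + 0 }' "$1" >&2
}

# remap_ids ROOT MAP [apply]: print the chown/chgrp commands (dry run, default)
# or, with "apply", execute them. A real change has to run as root.
remap_ids() {
    root=$1 map=$2 mode=${3:-dry-run}
    check_map "$map" || return 1
    run=echo
    [ "$mode" = apply ] && run=
    while read -r kind old new; do
        case $kind in
            u) match=-user;  cmd=chown ;;   # -user/-group accept numeric IDs
            g) match=-group; cmd=chgrp ;;
            *) continue ;;                  # blank lines and comments
        esac
        # -xdev: stay on this filesystem, so NFS mounts below ROOT are skipped.
        # -h: change a symlink itself, never the file it points to.
        find "$root" -xdev "$match" "$old" -exec $run "$cmd" -h "$new" {} +
    done < "$map"
}
```

Review the dry-run output on each machine before running with `apply`; on Linux, chown also clears setuid and setgid bits on executables, so re-check any files that depended on them.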