LinuxQuestions.org
Linux - Server: This forum is for the discussion of Linux Software used in a server related context.
Old 03-06-2009, 04:00 AM   #1
maas187
Member
 
Registered: Aug 2008
Location: Yemen
Distribution: Fedora, CentOS, RedHat , OpenFiler, ESXI
Posts: 210

Rep: Reputation: 32
SSO?


Hi to all.
I want to connect my Linux box users to an existing Windows 2003 Server on my network (Active Directory), in the sense that if I log on to my Linux box using FTP, SSH, etc., it would ask AD for authentication.

I used Samba, krb5, winbind. They gave me so much headache; every time I try to get around an error I generate 10 more.

And the examples online are useless!

So my question is: what's the best way to get this running?

Note: Linux box = Fedora.


Thanks to all.


Regards,

MaaS
 
Old 03-06-2009, 10:10 AM   #2
archangel_617b
Member
 
Registered: Sep 2003
Location: GMT -08:00
Distribution: Ubuntu, RHEL/CentOS, Fedora
Posts: 234

Rep: Reputation: 42
Quote:
Originally Posted by maas187
I want to connect my Linux box users to an existing Windows 2003 Server on my network (Active Directory) [...] So my question is: what's the best way to get this running?
If you're starting domain integration from scratch, the Samba + Kerberos + Winbind setup should be pretty straightforward. I found the examples in Samba 3 by Example very clear and effective.

http://www.amazon.com/Samba-3-Exampl...6355762&sr=1-1

- Arch
 
Old 03-07-2009, 04:26 AM   #3
maas187
Member
 
Registered: Aug 2008
Location: Yemen
Distribution: Fedora, CentOS, RedHat , OpenFiler, ESXI
Posts: 210

Original Poster
Rep: Reputation: 32

Here we go. After 2 sleepless nights, this is the best I came up with, and no answers could be found anywhere. OK.

DC = ACTIVE.AD.COM
AD = AD.COM
Linux box = CentOS; I changed from Fedora.

OK, now the config fun!

krb5.conf:
===============
[libdefaults]
    default_realm = AD.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
    default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC

[realms]
    AD.COM = {
        kdc = AD.COM
        kdc = ACTIVE.AD.COM
        admin_server = AD.COM
        default_domain = AD.COM
    }

[domain_realm]
    .ad.com = AD.COM
    .AD.COM = AD.COM
    ad.com = AD.COM
    AD.COM = AD.COM

[logging]
    kdc = FILE:/var/adm/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
    default = FILE:/var/log/krb5lib.log

[kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }
========================================

smb.conf
-------------------
[global]
    workgroup = AD
    password server = ACTIVE.AD.COM
    realm = AD.COM
    security = ads
    idmap uid = 500-10000000
    idmap gid = 500-10000000
    template homedir = /home/%U
    template shell = /bin/sh
    winbind use default domain = true
    winbind offline logon = false
    unix charset = LOCALE
    netbios name = CENTOS
    server string = CENTOS_JOIN
    idmap backend = idmap_rid:AD.COM=500-10000000
    log level = 1
    syslog = 0
    log file = /var/log/samba/%m
    max log size = 50

    winbind enum users = Yes
    winbind enum groups = Yes
    winbind nested groups = Yes

[homes]
    comment = Home Dir
    valid users = %D\%U
    read only = No
    browseable = No

==========================================

After running this command:

Shell:> kinit Administrator@AD.COM
Password: xxxxxx
Shell:>

it went fine; no errors or anything else to indicate a problem.

Shell:> klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@AD.COM

Valid starting Expires Service principal
03/07/09 05:07:48 03/07/09 15:08:29 krbtgt/AD.COM@AD.COM
renew until 03/08/09 06:07:48


Kerberos 4 ticket cache: /tmp/tkt0

And this command:

Shell:> net ads info
LDAP server: 192.168.1.106
LDAP server name: active.ad.com
Realm: AD.COM
Bind Path: dc=AD,dc=COM
LDAP port: 389
Server time: Sat, 07 Mar 2009 05:24:33 EST
KDC server: 192.168.1.106
Server time offset: 46

Now the major error:

Shell:> net ads join -U Administrator
[2009/03/07 05:11:34, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Failed to join domain: Invalid credentials


What the hell does this mean? Beats me.


Thanks for the help.


Regards,
MaaS
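An added pre-join check, not from the original post or from the Samba project, to catch two of the preconditions that 'net ads join' relies on and that the output above lets you verify: client/DC clock skew inside the Kerberos default clockskew of 300 seconds (the 'Server time offset: 46' above is fine), and an agreeing, upper-case realm in krb5.conf and smb.conf. It only parses captured text and config files, so it runs offline; the 'net ads info' text and config files in demo() are constructed to mirror the post, and the file paths are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original post): offline pre-join checks for
# a Samba 'security = ads' host. Two things 'net ads join' depends on that
# the thread's output lets us check: clock skew (Kerberos default limit is
# 300 s) and an agreeing, upper-case realm in krb5.conf and smb.conf.

# Pull the offset in seconds out of captured 'net ads info' output.
# $1: the captured text. Prints the number, or nothing if absent.
parse_offset() {
    printf '%s\n' "$1" |
        sed -n 's/^Server time offset: *\(-*[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed (0) if |offset| is within the 300 s clockskew default, else 1.
check_skew() {
    off=$1
    off=${off#-}
    [ "$off" -le 300 ]
}

# default_realm from krb5.conf ($1); first match only.
krb5_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# realm from smb.conf ($1); first match only ('default_realm' does not match
# because the pattern is anchored at the start of the line).
smb_realm() {
    sed -n 's/^[[:space:]]*realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# 0 if both realms exist, are equal, and are upper-case; 1 otherwise.
# Kerberos realm names are case-sensitive and AD realms are upper-case.
realms_consistent() {
    k=$(krb5_realm "$1")
    s=$(smb_realm "$2")
    [ -n "$k" ] || return 1
    [ "$k" = "$s" ] || return 1
    [ "$k" = "$(printf '%s' "$k" | tr '[:lower:]' '[:upper:]')" ]
}

# Run all checks. $1 krb5.conf, $2 smb.conf, $3 captured 'net ads info'.
# Returns 0 when everything passes, 1 if any check fails.
preflight() {
    rc=0
    off=$(parse_offset "$3")
    if [ -z "$off" ]; then
        echo "FAIL: no 'Server time offset' line in net ads info output"
        rc=1
    elif check_skew "$off"; then
        echo "OK:   clock offset ${off}s is within 300s"
    else
        echo "FAIL: clock offset ${off}s exceeds 300s; sync time with the DC first"
        rc=1
    fi
    if realms_consistent "$1" "$2"; then
        echo "OK:   realm $(krb5_realm "$1") agrees in krb5.conf and smb.conf"
    else
        echo "FAIL: realm missing, mismatched, or not upper-case in krb5.conf/smb.conf"
        rc=1
    fi
    return $rc
}

# Demo on constructed input that mirrors the post above (assumed values).
demo() {
    d=$(mktemp -d) || return 1
    printf '[libdefaults]\n default_realm = AD.COM\n' > "$d/krb5.conf"
    printf '[global]\n realm = AD.COM\n security = ads\n' > "$d/smb.conf"
    info='LDAP server: 192.168.1.106
Realm: AD.COM
Server time offset: 46'
    preflight "$d/krb5.conf" "$d/smb.conf" "$info"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

Once the join itself succeeds, the usual follow-ups are 'wbinfo -t' (checks the machine trust account), 'wbinfo -u' (enumerates domain users, which the 'winbind enum users = Yes' above allows) and 'getent passwd' once winbind is listed in nsswitch.conf; SSH or FTP logins against AD additionally need pam_winbind in the PAM stack, which the smb.conf alone does not give you. One caveat for anyone copying the krb5.conf above today: the DES enctypes it pins are disabled by default on Windows Server 2008 R2 and later; leave default_tkt_enctypes and default_tgs_enctypes unset so the client negotiates AES.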
 
Old 03-07-2009, 12:51 PM   #4
maas187
Member
 
Registered: Aug 2008
Location: Yemen
Distribution: Fedora, CentOS, RedHat , OpenFiler, ESXI
Posts: 210

Original Poster
Rep: Reputation: 32

Anyone?
 
Old 03-08-2009, 01:16 AM   #5
maas187
Member
 
Registered: Aug 2008
Location: Yemen
Distribution: Fedora, CentOS, RedHat , OpenFiler, ESXI
Posts: 210

Original Poster
Rep: Reputation: 32

Quote:
Originally Posted by maas187
Anyone?
I got the answer; I had to reinstall everything all over again.

Just a note: don't believe all those steps you find online.

Admin, this thread could be closed.

Thanks to all.
 
Old 01-13-2010, 02:54 PM   #6
cybercanibal
LQ Newbie
 
Registered: Jan 2010
Posts: 1

Rep: Reputation: 0
Quote:
Originally Posted by maas187
I got the answer; I had to reinstall everything all over again. [...]
Hi, I got the same problem.

Did you reinstall the Samba platform, or the server?

Thanks a lot!
 