SUSE / openSUSE: This forum is for the discussion of Suse Linux.
Looking for some help here. Is there a recommended procedure for this? I was able to join the Active Directory domain and checked the box to use it for authentication, but it doesn't seem to be working.
I've read a bunch of information on how to get this all working manually, but I don't want to mangle my 9.3 setup any more than needed. It seems like they tried to build the functionality into Suse 9.3, but I'm not sure if it's incomplete or if there are just additional steps that I need to take.
Try going through the documentation on www.samba.org, they have some very useful documentation in the form of a howto collection as well as a guide by example book.
I'm not a Windows 2003 server pro, but I do have a Windows 2003 server running with Active Directory under a domain. Is that the same thing? Assuming you installed the SAMBA service for SuSE, you can just use Konqueror to access the files and directories. You will need your username/password of the domain (obviously).
Maybe I'm way off (lol) but this is what I do:
1) open konqueror
2) address is: smb://ipaddress I believe.
3) input username/password when prompted.
4) the files and folders will be available.
Me and my partner spent almost 20 hours straight getting there, but we did. As it turns out (I know no one else has had this happen) it took several pieces of incomplete documentation to get it to work, but it does. The even better news is that this has been deployed as a production server for one of our remote offices. Since this environment requires Active Directory, it was nice to finally find a way of integrating Linux (more specifically, Suse) where it fits. This server build will become our template for deploying new remote offices... very cool!!! This setup works sooo well. Complete, seamless integration with the AD environment (a member of the AD domain, fully capable of using AD usernames/passwords and security). The user at the desktop doesn't have any way of telling it's a Linux box in the back, it behaves exactly the same. We even left it running headless (no keyboard, monitor or mouse). Doing all administration via ssh.
If there's enough interest, I will take the time to write a real how-to specifically for Suse. So, let me know in this thread if you would be interested in seeing this documentation brought to life.
Thanks to those who offered their help.
My new motto: Moving Linux from the edge to the heart of the enterprise.
Quote:
Originally posted by zenix
The good news is... we got this to work.
Me and my partner spent almost 20 hours straight getting there, but we did. As it turns out (I know no one else has had this happen) it took several pieces of incomplete documentation to get it to work, but it does. The even better news is that this has been deployed as a production server for one of our remote offices. Since this environment requires Active Directory, it was nice to finally find a way of integrating Linux (more specifically, Suse) where it fits. This server build will become our template for deploying new remote offices... very cool!!! This setup works sooo well. Complete, seamless integration with the AD environment (a member of the AD domain, fully capable of using AD usernames/passwords and security). The user at the desktop doesn't have any way of telling it's a Linux box in the back, it behaves exactly the same. We even left it running headless (no keyboard, monitor or mouse). Doing all administration via ssh.
If there's enough interest, I will take the time to write a real how-to specifically for Suse. So, let me know in this thread if you would be interested in seeing this documentation brought to life.
Thanks to those who offered their help.
My new motto: Moving Linux from the edge to the heart of the enterprise.
~Daniel
You should DEFINITELY write documentation for this. I guarantee you that this will help others. You can even post the 1-2-3's of it here on Linuxquestions.org in the tutorial section and the mods will definitely approve it.
I know that when I google linux problems, I usually get back Linuxquestions.org somewhere. This is a really good resourceful place to get help.
And out of curiosity, can you quickly put the 1-2-3's of how you got it to work? I am curious!
If there were a quick 1-2-3, I would certainly post it here. Here's the 1,000 view:
1. Configure Suse 9.3 with Samba (don't even think about using the Yast samba server tool)
2. Configure Samba and test
3. Configure Winbind/Kerberos and test
4. Configure nsswitch
5. Configure PAM
As you can imagine each of these pieces has several steps. If you decide to venture down the road of actually trying it, let me know. I would be happy to assist you with any help you may need.
I also managed to do that, first for Fedora (but for some strange reasons, some bugs started appearing with Fedora after some time), but adapting it to Suse was quite easy (what turned Suse into my second favorite distribution).
Other cool thing that I discovered in some old archives of samba lists was a patch that allowed a kerberized printing to windows printers through CUPS (patch applied to smbspool.c at SAMBA compiling. Sadly, it seems to work only till samba-3.0.14, I tried applying it to samba-3.0.20 and got an error).
Try googling for "samba3-smbspool-krb.bin".
"If there were a quick 1-2-3, I would certainly post it here. Here's the 1,000 view:
1. Configure Suse 9.3 with Samba (don't even think about using the Yast samba server tool)
2. Configure Samba and test
3. Configure Winbind/Kerberos and test
4. Configure nsswitch
5. Configure PAM
As you can imagine each of these pieces has several steps. If you decide to venture down the road of actually trying it, let me know. I would be happy to assist you with any help you may need."
I am using SuSE 9.3 also. I got as far as step 4. What did you do to configure PAM?
I dunno about you and PAM and all that stuff, but I was able to get it working pretty easily by these steps
Open YaST
Configure Kerberos to an AD DC
Close YaST
Open Control Center (I am using KDE, and yes, they do seem to be different).
Click on Internet & Network thing
Click Samba
Click Administrative Mode
Change Security Level to ADS
Enter in Server Addy + Realm
Click Apply
Open Terminal
SU - SU Password
net ads join
I see my computer in the Domain, although I am not sure if the log on sequence (When I log onto the computer, is using the local passwd file or authenticating against the domain), but when I log in I am able to open domain resources etc without a hitch it seems.
I will try to check the authentication and report back.
Last edited by EclipseAgent; 10-28-2005 at 04:52 PM.
I am authenticating using the local /etc/passwd and not the domain logon (I tried to log in as someone else with their domain account on the linux machine).
Did you install the NIS server from NFS3.5? For the Schema extension in AD?
I am sure it is pretty simple to do.. I am still trying to figure it out though..
So can anyone in your domain walk up to the linux machine and login authenticating to their domain account?
All I need is Kerberos in order to auth. But the user must be locally known in linux. If I want to lookup the user in AD I suspect I need some kind of directory lookup protocol. This would probably be LDAP right?
So I setup LDAP. I did not go into the advanced screens at all and the result was the following message in /var/log/messages: "nscd: nss_ldap: could not search LDAP server - Operations error"
You already have all the tools you need. The authentication portion is handled by winbind and kerberos. You will need to edit your PAM files to get linux to use Active Directory for authentication. I don't have time to list all the steps now, but maybe this will get you on the right track.
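A check for the pieces named in the five-step outline and in the reply above (Samba in ADS mode, winbind in nsswitch, pam_winbind in PAM), as an added example that is not from any poster in this thread. The file paths are arguments, the sample file contents are constructed, and EXAMPLE / EXAMPLE.LOCAL are placeholder names.

```sh
#!/bin/sh
# Added example: report which pieces of a winbind/AD login setup are missing.
# Usage: check_ad_login SMB_CONF NSSWITCH_CONF PAM_SERVICE_FILE
# Prints one "MISSING: ..." line per gap and returns the number of gaps.
check_ad_login() {
    smb=$1 nss=$2 pam=$3 gaps=0
    # Samba must run as an AD member and know the Kerberos realm.
    grep -Eiq '^[[:space:]]*security[[:space:]]*=[[:space:]]*ads[[:space:]]*$' "$smb" \
        || { echo "MISSING: smb.conf security = ads"; gaps=$((gaps + 1)); }
    grep -Eiq '^[[:space:]]*realm[[:space:]]*=[[:space:]]*[^[:space:]]+' "$smb" \
        || { echo "MISSING: smb.conf realm"; gaps=$((gaps + 1)); }
    # nsswitch: without winbind here, domain users are unknown to the system.
    for db in passwd group; do
        grep -Eq "^[[:space:]]*${db}:.*[[:space:]]winbind([[:space:]]|\$)" "$nss" \
            || { echo "MISSING: nsswitch.conf ${db}: winbind"; gaps=$((gaps + 1)); }
    done
    # PAM: without pam_winbind.so, logins are checked against local accounts only.
    for kind in auth account; do
        grep -Eq "^[[:space:]]*${kind}[[:space:]]+.*pam_winbind\.so" "$pam" \
            || { echo "MISSING: PAM ${kind} pam_winbind.so"; gaps=$((gaps + 1)); }
    done
    return "$gaps"
}

# Constructed sample files; EXAMPLE / EXAMPLE.LOCAL are placeholder names.
write_samples() {
    dir=$1
    printf '[global]\n  workgroup = EXAMPLE\n  security = ADS\n  realm = EXAMPLE.LOCAL\n' > "$dir/smb.conf"
    # State right after "net ads join": machine is in the domain, logins are still local.
    printf 'passwd: compat\ngroup: compat\n' > "$dir/nsswitch.joined"
    printf 'auth required pam_unix2.so\naccount required pam_unix2.so\n' > "$dir/pam.joined"
    # State after steps 4 and 5.
    printf 'passwd: compat winbind\ngroup: compat winbind\n' > "$dir/nsswitch.full"
    printf 'auth sufficient pam_winbind.so\nauth required pam_unix2.so use_first_pass\n' > "$dir/pam.full"
    printf 'account sufficient pam_winbind.so\naccount required pam_unix2.so\n' >> "$dir/pam.full"
}

demo=$(mktemp -d) && write_samples "$demo"
check_ad_login "$demo/smb.conf" "$demo/nsswitch.joined" "$demo/pam.joined" || echo "gaps: $?"
check_ad_login "$demo/smb.conf" "$demo/nsswitch.full" "$demo/pam.full" && echo "all checks pass"
rm -rf "$demo"
```

On a real host, pass /etc/samba/smb.conf, /etc/nsswitch.conf and the /etc/pam.d file of the service being tested (for example sshd).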
Thanks for your response. I figured it out. Everything was already setup correctly. I did not realize that I had to have Domain\username instead of just the username in the read and write lists in Samba.
I am just starting to use SUSE Linux, and have had this question brought up to see if it is possible. I have a Windows AD (2003) and I can get the computer object into AD, but I cannot authenticate with an AD account only. I have followed a lot of the steps outlined here, but I am getting an error:
Kerberos_kinit_password host hostname failed. Client not found in Kerberos database.