Joining Fedora 7 to a MS 2003 server Domain:
Hi, I am very new to Linux; I have just installed Fedora 7. I would like a step-by-step guide on how to add Fedora 7 to my MS 2003 server domain running DHCP, DNS, and AD. I would like both Windows and Linux computers to be able to share and communicate with each other on my LAN once they have joined the domain. Please, can anyone give me a step-by-step guide on how to get this done? Thanks for your help!
Hi
Quote:
Hi. Just add the MS 2003 server domain IP address in your Fedora system's DNS IP. Hope you will solve your problem. Hemant
I recently worked on contract at Sony.
We spent quite a bit of time pursuing a reliable, repeatable solution for joining RedHat ES4 and 5ES to Win2000 and Win2003 AD servers. We discovered the main problem was due to Windows time (win32time) not allowing the Linux box to sync, which is required for Kerberos authentication (part of AD). I gained quite a bit of knowledge about what will work and what doesn't. What problems are you having? Graham.
Quote:
Plus I want to enable remote access from Fedora to the MS 2003 server and to all of the PCs in the domain.
Quote:
thank you |
We had to give the RedHat box a fixed IP address in the Active Directory domain and told the RedHat box to get DHCP.

There's a new service on recent Fedora releases (6+ I think), NetworkManager. It was also on the Redhat4 release we were using. We found that it used to mess with the network settings, so we disabled it:

    # service NetworkManager stop
    # chkconfig NetworkManager off
    # service NetworkManagerDispatcher stop
    # chkconfig NetworkManagerDispatcher off

Try this, then force a DHCP link:

    # ifconfig eth0 down
    # ifconfig eth0 dynamic
    # dhclient eth0

You should see it set up the link with DHCP DISCOVER etc. Also, you can monitor the activity with tcpdump:

    # tcpdump -i eth0

You could also install the win2003 version of ethereal on the win server and monitor traffic on both ends.

Sounds like you also need to experiment with fixed IP addresses to make sure the AD server DNS is working OK. We needed to set up a fixed reservation for DHCP and set up AD to use that address. This means we could still use DHCP and fixed addresses; the RedHat box was a server after all :-)

You could set up a static address on the Linux box temporarily to make sure AD will still work:

    # ifconfig eth0 down
    # ifconfig eth0 192.168.0.100
    # route add default dev eth0 gw <win server IP>
    # echo "nameserver <win server IP>" >/etc/resolv.conf

No, this is not a typo, it's not resolve.conf ;-)

This gives you a fixed IP until you reboot or restart the network. Then set up the AD server to use 192.168.0.100 (or use some appropriate IP address).

You also need to set up the KDC realm in /etc/krb5.conf as well as /etc/samba/smb.conf. I seem to remember having to tinker with /etc/nsswitch.conf and the PAM settings, but I'm not sure if they were needed. Then you should just be able to:

    # kinit administrator@<REALM>
    # net join ads

and it should just work. I would do a

    # net time set

just before the kinit to sync the time properly.

I also have some notes in some backups as well as some scripts to automate much of this. Let me know how you get on. Post some console dumps so we can see what is happening. Graham.
http://grahams.free-online.co.uk |
Quote:
I have reinstalled Fedora and changed my MS 2003 server DHCP address range from 10.0.0.1 to 10.0.0 2. and left my MS 2003 server on 10.0.0.1 for the LAN IP address. Fedora is now able to obtain an IP address from my MS 2003 server (10.0.0.15), has full internet access, and can ping both local and external. Thanks a lot for all your help! I now need to join Fedora 7 to my MS 2003 domain but need to know how to configure KDC and Samba, so that I can enable remote access and file sharing. Any help on this will be welcome. Thank you!
Have to say the short and less painless way is to configure a Linux server and hook your Windows box to that.
Linux will serve the DHCP stuff with /etc/dhcpd.conf and give you file sharing with /etc/samba/smb.conf. DNS is already configured, so you don't need to touch that. Easy peasy. I would think several times before connecting a Windows box directly to the internet, but a Linux box is pretty safe.
Quote:
My Steps on How to Join Fedora Core Linux to an Active Directory Domain

This document will explain how to add a Fedora Core Linux box to an Active Directory domain. The AD server will handle the authentication. Log in as root for this installation.

My AD Server Primary - 192.168.123.20
My AD Server Sec - 192.168.123.21

Packages you need:

    samba (v.3.0)
    samba-common
    pam_krb5
    krb5-workstation

Step 1: Back up your /etc/pam.d directory:

    # cp -a /etc/pam.d /etc/pam.d.bak

Step 2: Change /etc/nsswitch.conf (here's the syntax using the nano text editor: [root@myhost]# nano /etc/nsswitch.conf)

    passwd: files
    shadow: files
    group: files

Change to:

    passwd: files winbind
    shadow: files winbind
    group: files winbind

Save the file and exit (Nano syntax: CTRL + X, type in Yes and press the Enter key).

The files below are my files that I edited to get my host to connect to my AD.

***Before you edit your files though, be sure to make a copy of the originals for backup. For example:

    [root@myhost]# cp /etc/samba/smb.conf /etc/samba/smb.conf.ORIG

After you've made backup copies of your files, edit your files and change them to match your settings.

My /etc/samba/smb.conf ([root@myhost]# more /etc/samba/smb.conf):

    [global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.COM
    server string = Samba %v
    security = ads
    password server = 192.168.123.20
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    winbind use default domain = yes
    winbind separator = +
    winbind cache time = 10
    winbind enum users = yes
    winbind enum groups = yes
    template shell = /bin/bash
    template homedir = /home/%D/%U

My /etc/pam.d/login:

    #%PAM-1.0
    auth       sufficient   pam_winbind.so
    auth       required     pam_securetty.so
    auth       required     pam_stack.so service=system-auth
    auth       required     pam_nologin.so
    account    sufficient   pam_winbind.so
    account    required     pam_stack.so service=system-auth
    password   sufficient   pam_winbind.so use_authtok
    password   required     pam_stack.so service=system-auth
    # pam_selinux.so close should be the first session rule
    session    required     pam_selinux.so close
    session    required     pam_stack.so service=system-auth
    session    optional     pam_console.so
    # pam_selinux.so open should be the last session rule
    session    required     pam_selinux.so multiple open

My /etc/krb5.conf:

    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
     default_realm = MYDOMAIN.COM
     dns_lookup_realm = false
     dns_lookup_kdc = false

    [realms]
    # The stanza name must be the same realm as default_realm above.
     MYDOMAIN.COM = {
    # One kdc line per server.
      kdc = 192.168.123.20
      kdc = 192.168.123.21
      admin_server = 192.168.123.20
      default_domain = mydomain.com
     }

    [domain_realm]
     .mydomain.com = MYDOMAIN.COM
     mydomain.com = MYDOMAIN.COM

    [kdc]
     profile = /var/kerberos/krb5kdc/kdc.conf

    [appdefaults]
     pam = {
      debug = false
      ticket_lifetime = 36000
      renew_lifetime = 36000
      forwardable = true
      krb4_convert = false
     }

Run authconfig and choose/configure "Use Winbind", "Use Kerberos" and "Use Winbind Authentication":

    # authconfig

My /etc/pam.d/system-auth:

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      /lib/security/$ISA/pam_env.so
    auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
    auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
    auth        required      /lib/security/$ISA/pam_deny.so
    account     required      /lib/security/$ISA/pam_unix.so broken_shadow
    account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
    account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_krb5.so
    account     required      /lib/security/$ISA/pam_permit.so
    password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 type=
    password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
    password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
    password    required      /lib/security/$ISA/pam_deny.so
    session     required      /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=0022
    session     required      /lib/security/$ISA/pam_limits.so
    session     required      /lib/security/$ISA/pam_unix.so
    session     optional      /lib/security/$ISA/pam_krb5.so

Last Steps:

Join the Linux server to the domain:

    # net ads join -U <domain admin>

Restart winbind:

    # service winbind restart

Create the domain directory:

    # mkdir /home/MYDOMAIN

Log off and log in with your AD credentials.

Useful commands:

See what groups you are in and get the group ID:

    # getent group | grep <utaccount> | awk -F: '{ print $1,$3 }'
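Added example (not part of the original posts): an offline shell check for the settings that both how-to posts above depend on, namely that default_realm in krb5.conf has a matching [realms] stanza and that smb.conf uses the same realm with security = ads. The function names and the sample file contents are constructed for illustration; MYDOMAIN.COM is the placeholder realm used in the thread.

```sh
# Added example: consistency check of krb5.conf and smb.conf before a domain join.
# All file contents written below are constructed samples with placeholder names.

ini_get() {  # ini_get FILE SECTION KEY -> prints the value of KEY inside [SECTION]
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }   # skip comment lines
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); cur = tolower($0); next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

has_realm_stanza() {  # has_realm_stanza FILE REALM -> 0 if [realms] has "REALM = {"
    awk -v realm="$2" '
        /^[ \t]*\[/ { in_r = ($0 ~ /\[realms\]/); next }
        in_r { line = $0; gsub(/[ \t]/, "", line); if (line == (realm "={")) found = 1 }
        END { exit !found }' "$1"
}

note() { echo "$1"; problems=$((problems + 1)); }

check_join_config() {  # check_join_config KRB5_CONF SMB_CONF -> returns problem count
    problems=0
    realm=$(ini_get "$1" libdefaults default_realm)
    smb_realm=$(ini_get "$2" global realm | tr 'a-z' 'A-Z')
    if [ -z "$realm" ]; then note "krb5.conf: default_realm is not set"
    elif ! has_realm_stanza "$1" "$realm"; then
        note "krb5.conf: no [realms] stanza named $realm"
    fi
    [ "$smb_realm" = "$realm" ] || note "smb.conf: realm '$smb_realm' is not '$realm'"
    [ "$(ini_get "$2" global security)" = "ads" ] || note "smb.conf: security is not ads"
    return "$problems"
}

write_samples() {  # write_samples DIR -> constructed matching and mismatched files
    printf '%s\n' '[libdefaults]' ' default_realm = MYDOMAIN.COM' '[realms]' \
        ' MYDOMAIN.COM = {' '  kdc = 192.168.123.20' ' }' > "$1/krb5.good"
    sed 's/^ MYDOMAIN.COM = {/ MYDOMAIN = {/' "$1/krb5.good" > "$1/krb5.bad"
    printf '%s\n' '[global]' ' workgroup = MYDOMAIN' ' realm = MYDOMAIN.COM' \
        ' security = ads' > "$1/smb.good"
    sed 's/security = ads/security = user/' "$1/smb.good" > "$1/smb.bad"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
check_join_config "$demo_dir/krb5.bad" "$demo_dir/smb.bad" || echo "problems found: $?"
```

On a real host, call check_join_config /etc/krb5.conf /etc/samba/smb.conf before kinit and the join; a realm mismatch caught here would otherwise surface as a KDC lookup failure.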
Quote:
Thank you |
dhcp
Quote:
Quote:
[root@Fedora-Server etc]# ifconfig

    eth0  Link encap:Ethernet  HWaddr 00:0B:DB:4D:5A:99
          inet addr:160.9.94.68  Bcast:160.9.95.255  Mask:255.255.252.0
          inet6 addr: fe80::20b:dbff:fe4d:5a99/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:477 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:86219 (84.1 KiB)  TX bytes:15094 (14.7 KiB)
          Base address:0xdc40 Memory:ff6c0000-ff6e0000

    eth1  Link encap:Ethernet  HWaddr 00:01:02:AB:60:E9
          inet addr:192.168.1.0  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::201:2ff:feab:60e9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:356 errors:0 dropped:0 overruns:1 frame:0
          TX packets:258 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:96031 (93.7 KiB)  TX bytes:71721 (70.0 KiB)
          Interrupt:20 Base address:0xcc00

Here is my dhcp config file:

    default-lease-time 86400;
    max-lease-time 86400;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.254;
    option domain-name-servers 192.168.1.1, 192.168.1.2;
    option domain-name "wmd.org";
    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.100;
        range 192.168.1.150 192.168.1.200;
    }
    option netbios-name-servers 192.168.1.1;

I can't get any of my Windows or Linux client computers to receive an IP address from the server. I do not know what has gone wrong or if there are more configurations to be done. This is my first time setting up a DHCP server on Fedora/Linux! There are no error messages coming up; only after I use the command "[root@Fedora-Server etc]# /usr/sbin/dhcpd eth1" the following message comes up:

    Internet Systems Consortium DHCP Server V3.0.6
    Copyright 2004-2007 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/

    ** You must add a global ddns-update-style statement to /etc/dhcpd.conf.
    To get the same behaviour as in 3.0b2pl11 and previous
    versions, add a line that says "ddns-update-style ad-hoc;"
    Please read the dhcpd.conf manual page for more information. **

    If you did not get this software from ftp.isc.org, please
    get the latest from ftp.isc.org and install that before
    requesting help.

    If you did get this software from ftp.isc.org and have not
    yet read the README, please read it before requesting help.
    If you intend to request help from the dhcp-server@isc.org
    mailing list, please read the section on the README about
    submitting bug reports and requests for help.

    Please do not under any circumstances send requests for
    help directly to the authors of this software - please
    send them to the appropriate mailing list as described in
    the README file.

    exiting.

I have also set the DHCP server to start at start up using code "[root@Fedora-Server etc]# /usr/rc.d/rc.local ". The DHCP server is set to work on the eth1 NIC; I have full access to the web on the eth0 NIC. Please help.