Hi Macusr,
I ran into similar issues trying to authenticate users defined on my SuSE server via my AD server. I finally got it to work, and it was really quite simple. Winbind was not even required, nor was LDAP. They were much too involved. A Kerberos client is all you need installed. Here's what I did. These instructions are based on using userids that are all numerics; your ids may vary. These instructions also assume that you have YaST; if not, you must install the Kerberos client manually.
How to set up SuSE Linux authentication to use Active Directory
1) From the Linux desktop, start YaST
2) Select [Networking Services]
   a. Select [Kerberos Client]
      i. Select radio button [Use Kerberos]
      ii. Basic Kerberos Settings
         1. Default Domain: YOURDOMAIN.COM
         2. Default Realm: YOURDOMAIN.COM
         3. KDC Server Address: windowsdc.yourdomain.com
         4. CLICK [Finish]
         (this dialog will modify /etc/krb5.conf)
3) From a command prompt
   a. kinit userid (where userid is your 5 digit network id)
      You will be prompted for your password
      e.g.
      12345@YOURDOMAIN.COM's Password:
      your response will be:
      kinit: NOTICE: ticket renewable lifetime is 1 week
4) Once you have verified the Kerberos client set-up is working, you will need to tie the Linux login screen to Kerberos.
   a. Edit the /etc/security/pam_unix2.conf file. Add the following lines:
      auth: use_krb5 nullok
      account: use_krb5
      password: use_krb5 nullok
      session: none
5) Add user manually to /etc/passwd (make sure you use a unique uid!!!!)
      12345:x:1002:100:Joe Geeko:/home/12345:/bin/bash
6) Create user’s home directory
      cp -R /etc/skel /home/12345
7) Change ownership to new user
      chown -R 12345. /home/12345
8) You can now log out and log in with your new Active Directory credentials.
Note: the userids I use are numeric, and must be added manually to /etc/passwd. If you have userids that don't start with a numeric, you will be able to use YaST or useradd.
I did not need to install winbind or samba. I also didn't need to do a net ads join.
These instructions are simply designed to allow you to use your AD user id to authenticate to linux.
HOPE THIS HELPS!
Bret
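
A pre-flight check for the hand-written /etc/passwd line from step 5, as an added example that is not part of the original post. The function name check_passwd_line and the sample passwd entries are constructed for illustration; it rejects a line whose uid or login name is already in use, or whose uid is 0.

```shell
#!/bin/sh
# Added example (not from the original post): validate a hand-written passwd
# line before appending it, since step 5 bypasses useradd's own checks.
# Usage: check_passwd_line PASSWD_FILE 'name:x:uid:gid:gecos:home:shell'
# Prints "ok" or the reason for rejection; returns 0 only when safe to append.
check_passwd_line() {
    file=$1 line=$2
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    printf '%s\n' "$line" | awk -F: -v file="$file" '
        function fail(msg) { print msg; exit 1 }
        {
            if (NF != 7)            fail("need exactly 7 colon-separated fields")
            name = $1; uid = $3; gid = $4; home = $6
            if (name == "")         fail("empty login name")
            if (uid !~ /^[0-9]+$/)  fail("uid is not numeric")
            if (gid !~ /^[0-9]+$/)  fail("gid is not numeric")
            if (uid + 0 == 0)       fail("uid 0 would create a second root account")
            if (home !~ /^\//)      fail("home directory must be an absolute path")
            # Compare against every existing entry in the passwd file.
            while ((getline entry < file) > 0) {
                split(entry, f, ":")
                if (f[1] == name)
                    fail("login name already present: " name)
                if (f[3] ~ /^[0-9]+$/ && f[3] + 0 == uid + 0)
                    fail("uid " uid " already used by " f[1])
            }
            print "ok"
        }'
}

# Demo against a constructed passwd file (sample entries, not real accounts).
demo=$(mktemp)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'alice:x:1001:100:Alice:/home/alice:/bin/bash' > "$demo"
check_passwd_line "$demo" '12345:x:1002:100:Joe Geeko:/home/12345:/bin/bash'
check_passwd_line "$demo" '12345:x:1001:100:Joe Geeko:/home/12345:/bin/bash' || true
rm -f "$demo"
```

Run it against the real /etc/passwd before step 5 and append the line only when it prints "ok".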