Adding SuSE 10 workstation to a Windows Domain

nonsense28sal · 03-16-2006, 04:51 PM

Recently I have been trying to get a workstation running SuSE 10 to join my network at work. Our domain controller is IIS 5 Windows 2000 and we use Active Directory. For the life of me, I cannot get Samba to completely connect to the network. I have full admin rights to add a machine to the domain. In fact, if I logon to our server, I can see the machine name of the Linux machine that I tried to add, but from the Linux machine I cannot access all of the machines on the network. For instance, I can get to the main domain controller and the secondary domain controller, but not our server that hosts the website, which is not a domain controller. After setting up SuSE, I installed apt-get and upgraded Samba, so that should not be issue. I’ve tried to set SuSE up for the domain from the GUI as well as the command line, and have not been successful. The GUI gives me an error with no information. The box is literally blank except for the word "error" at the top. Is there anyone out there that has successfully done this? If so, please paste your config files and perhaps a walkthrough. I would eventually like to set up an Apache webserver to replace IIS, but if I cannot get a SuSE machine on the domain and demonstrate it to my superiors, this could hurt my efforts to get other open source solutions in to production. Any help would be appreciated.

paul_mat · 03-16-2006, 06:39 PM

on my website there is plently of information on joining Linux machines to a windows domain

http://www.yourhowto.org/content/view/31/9/ - Authentication against Active Directories using winbind for pop3

the only difference between that and what you want to do is edit the /etc/pam.d/login pam file

you can try my setup scripts if you want, but i think they will only work on fedora/rhel

http://www.geocities.com/evilperson85/serversetup/

but they are well worth a go.

you will find plently of information on my website listed below for all kinds of linux/windows Integration.

nonsense28sal · 03-17-2006, 10:03 AM

Thanks. I will take a look at that today.

nonsense28sal · 03-23-2006, 10:24 AM

I'm pretty much back to square one with SuSE 10 and Active Directory authentication. I can see my machine from other machines and from my Linux machine on the network. I was able to get my machine, Framboise, to join the domain. I can access my primary domain controller (PDC) and the backup dc, but I cannot access the third server that hosts the website from my SuSE machine. I attempted to set up Kerberos, but it does not seem to be working. I have my default domain as the one I wanted to join, LAW-LIBRARY0. I have the same for the realm. I then have the IP address of the primary domain controller in KDC server address. I do not have AFS support. When I run “kinit” with my username and password for AD, I get the following error: kinit(v5): KDC reply did not match expectations while getting initial credentials
The username and password supplied have full admin rights, so authorization should not be an issue.

Here is my Samba configure (smb.conf) file:

Code:

[global]
security = ads
restrict anonymous = yes
winbind use default domain = yes
domain master = no
preferred master = no
ads server = *IP address of my PDC*
workgroup = LAW-LIBRARY0
realm = LAW-LIBRARY0
max protocol = NT
ldap ssl = No
server signing = Auto
password server = *IP address of my PDC*

I attempted to use paul_mat's scripts above. To be fair, they seemed to work, but it did not resolve the problem. I also read over the other links, but I still do not see what I am doing wrong.

Any help would be appreciated.

Thanks!
-Stacey