Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Hi everybody, it's been a while since I lasted posted here, unfortunately. I got a new job that puts me more in the windows world than I might have liked, but it pays the bills and provides great experience, so I'll suck it up. Because I am in this windows shops, however, I figured it was prime real estate for figuring out how I can get Linux to operate seemlessly within its walls. I've managed to configure Samba, winbind, and kerberos. A kinit [user]@DOMAIN works fine, a Samba net ads join starts off okay, and then says some shpeel about "found glibc" and goes into a memory dump, but after that, when I try a wbinfo -u or -g, it spits back the correct information, so I figure it's still working okay. My next step was to create a local user which mirrors my domain user, minus password. When I attempt to login with this account, it fails, and my logs spit back the NT_NO_SUCH_USER or something along those lines. When I query ADS in my windows box, as the domain admin, my linux box shows up as a Domain Controller, which I'd like to change some how. Does anybody have any suggestions why everything would work except for user authentication, and why would my linux box show up as a domain controller when it should be a workstation? I've googled, and followed the docs to the T. Also, can anybody recommend some good ADS managment tools, command line is preferred. I am removing and adding users/computers to the domain on a daily basis and need this functionality if I'm to switch to Linux. Thanks in advance!
Mike.
Last edited by mikeyt_333; 08-16-2005 at 09:23 AM.
I'm no pro, but when I added 2 new Linux boxes to my network and had to force them to talk to the Windows monster, I added Samba, Kerberos and the likes...but nothing worked until WINS was enabled and RUNNING on the monster box. For some reason Samba likes the WINS protocol. Can't hurt to try it.
As for your DC problem, thats strange...but if your windows box is listed as a Backup Domain Controller you should be able to promote it to DC after taking the Linux box down for a minute. I get eventvwr logs all the time that say my Linux boxes are fighting over control, but they don't win.
Hope this helps a bit or at least causes you to have your own brain-snap!
I don't think it has to do with WINS, I am able to resolve things okay, the issue relates to my PDC responding with a NT_NO_SUCH_USER or some such error. This box is only a workstation, and as such should be added under that role, regardless of how it actually works on the network, is there something in smb.conf that deligates what it should join as?
I know I have edited the following files, and can post them if needed:
smb.conf
krb5.conf
/etc/pam.d/login
I'm not certain about nsswitch.conf, I'm not in linux at the moment so I can't tell.
I read somewhere that adding a local user is necessary, even when authenticating via AD, truthfully, it didn't make sense to me either, but I was trying anything. Also, having a local user will allow me to login when the PDC is inaccessable.
Thanks again for the replies, I will post errors, and conf files in a bit.
I just noticed some descrepencies in the krb5.conf, notice that my default_realm is MY.DOMAIN.CONTROLLER, and then my realms definitions only have my DOMAIN listed as a realm, I'll see what happens when this is changed, although, kinit works just fine when I do:
Code:
kinit -U [USERNAME]@[MY.DOMAIN.CONTROLLER]
/etc/pam.d/login:
Code:
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_mkhomedir.so skel=/etc/skel
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
The part of the dump referring to: "Client not found in Kerberos database" is repeated about 30 times before the rest of it happens.
And finally, here's the actual error in my /var/log/messages:
Code:
Aug 16 16:23:16 [HOSTNAME] pam_winbind[2464]: request failed: No such user, PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER
Aug 16 16:23:16 [HOSTNAME] login(pam_unix)[2464]: authentication failure; logname= uid=0 euid=0 tty=tty2 ruser= rhost= user=[USERNAME]
Wow, that's a doozy, thanks for any help you can provide, I will keep fighting it.
I just found this in my /var/log/samba/winbindd.log:
Code:
[2005/08/16 17:19:51, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(259)
Authentication for domain [LOCALHOST] (local domain to this server) not supported at this stage
where [LOCALHOST] refers to my machines hostname, shouldn't that be the domain I'm trying to authenticate to?
And, when I do: getent passwd I can grep for my domain user:
WOOHOO! I got it! When I finally for getent passwd printing the correct information, I tried logging in, and the screen simply flashed. This was because somewhere, the default user directory for new users was /home/[DOMAIN/[USERNAME]. The user didn't have permissions to create /home/[DOMAIN], so, creating it as root allowed the user permissions to create their user directory in /home/[DOMAIN]. This got me access to the console. Then, I couldn't log into X-windows. This was because my /etc/pam.d/gdm didn't reflect the same changes in /etc/pam.d/login. By making my /etc/pam.d/gdm the following:
I was able to login as a Domain user! I am so stoked! Now, does anybody know of good tools for managing computers and users on the domain, primarily adding and deleting users? Thanks for your help everybody, I hope somebody finds this thread useful in the future!
Just as a note, you always have to login from the Linux machine using the DOMAIN\username format because Windows has to know which domain the user belongs to. The reason we don't do this in Windows is because it has a Domain field on the login box that specifies the domain to which we're logging in.
gotcha. Any ideas why ntlm wouldn't function properly, and is there a way to make it so a domain user can log on when the system isn't connected to the domain? Thanks!
I can only think that you would need the Name Service Caching Daemon (nscd) running to cache previous logins if you want users to login when not connected to the domain. I haven't tested this myself as many people stated nscd should be turned off when using Samba authentication to AD. I don't remember why though
Hi,
I am very new to linux system. What i am trying to do now is to set up a server that is similar to windows server. My situation is as following:
I got eight linux machine, one installed fedora 4 (set as server) and the other seven is fedora 2 (no time to reinstall).
I got another 4-5 winXP machines.
What i want to know is, how can i setup the linux server such that all the user accounts are only created/deleted inside the server instead of creating the user account in every machines? Using samba?NIS? And after the server is setup, how can i configure the linux clients such that i can choose which domain i want to log on? Thank you for responses and hope can find help here.
First, your best chance of getting help with an issue like this is to open a new thread, rather than posting in a thread that has a totally different focus. People will read this thread to help with the question at hand, which is what they would do if they saw a new thread with your own heading. Go here, and read through the document, it will tell you everything you need to know:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
