All,

Here's what I'm trying to do. I am trying to make it so that users on our W2K3 AD network can log into Linux machines with the exact same usernames and passwords. Is it possible to get Linux to TRULY authenticate against ADS for logins to the computer?

I have krb5.conf configured properly as well as Samba. The computers have successfully joined the ADS domain and kerberos kinit worked.

Can anyone point me in the right direction of how I can make it so I don't have to create new usernames and passwords for the Linux machines and make it so that users can sit down and log in to them the exact same way they do on the Windows machines (with the same usernames and passwords)?

Thanks in advance.

-dumbsheep

okay, the next thing your going to need to look at is pam (pluggable authentication module)

edit the/etc/pam.d/systm-auth to allow people to log into the linux machine.

there are maybe pam modules, pop, imap, sshd, etc so if you want them to be able to login via ssh then you'll need to edit the sshd pam module, etc

this is the pam module i have for my RHEL mail server, the users need a local account and an ADS account, it was a long time ago i did my pam work so i can't write you a module at the moment. but thats what you'll need to do

auth sufficient /lib/security/pam_winbind.so
auth requisite pam_pwdb.so shadow
account requisite pam_localuser.so

ps: webmin has a handy pam module if you can't figure it out via command line