Hello,
I am trying to authenticate RHEL 6.6 against my AD infrastructure. I have set up Kerberos, Samba and created the sssd file.
I am able to ssh to the box and use my AD password and log in. But I also have a local account for configuring. When I delete the local user account it says I have a bad password.
zombie need data. Not brains, data. (OK, also need brains.)
Quote:
Originally Posted by B3rgman
Hello,
I am trying to authenticate RHEL 6.6 against my AD infrastructure. I have set up Kerberos, Samba and created the sssd file.
I am able to ssh to the box and use my AD password and log in. But I also have a local account for configuring. When I delete the local user account it says I have a bad password.
Have I missed a step?
Thank you!!!
Have you set it up to match local and AD accounts, or when you log on using AD does it create the local user and home? No matter how you authenticate, you need a local home folder. If your local and AD users had the same home, you just messed up the link between them.
BTW: Windows does the same thing. You may authenticate using AD credentials, but it creates a local home folder tree and caches information locally.
So much depends upon the details! If this is not enough to help you, we may need you to quote your Samba config file, kerberos, nss, and one line from your passwd.
Hi wpekham,
Thanks for the reply. I thought I had set it up to create home folders. I did it another way with OEL 6.7 and I am able to authenticate to it. But I get
Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable
Could not chdir to home directory <path\user> No such file or directory.
This doesn't happen all the time but seems to more than not. I am able to do blind wbinfo commands and get results, so I believe it is tied to my domain. I added it using authconfig-gtk. Is there anything that needs to be set to create the home folder?
OK, I got this to work finally with keytabs. Now the new issue. How can I get my other trusted domains to authenticate to this box? It only seems to want to connect to the domain it is connected to. But in my forest there are about 4 domains.
I have never done that myself, but I do remember running into it in the documentation. I did not mark it, since it was not something I needed. I suggest you google for that, I bet it will turn up on the first page.
I googled for several hours yesterday with no clear results. Maybe I'm searching the wrong keywords. I'm going to try again today.