Authenticating Windows Users on FD2

weeden · #1 2004-12-17, 10:24 AM CST

Afternoon....

I know this question has been asked hundreds of time's but I haven't been able to find a complete guide anywhere on the net!

I want to add my FC2 machines into my Active Directory environment and allow users to logon to the FC2 machines using thier Window's usernames.

Sounds simple.... but no!

I have achieved partial success. I have managed to setup Kerberos authentication and can authenticate ANY user against active directory using kinit USERNAME.
I have also setup Samba and can browse the shares on the Windows domain controller with out any issue. When I try to log on via GNOME to the box using a Windows username and password i can't. The below errors are logged.

Dec 17 17:11:53 linuxdisc gdm[3165]: nss_ldap: could not search LDAP server - Operations error
Dec 17 17:11:55 linuxdisc last message repeated 7 times
Dec 17 17:11:55 linuxdisc gdm(pam_unix)[3165]: check pass; user unknown
Dec 17 17:11:55 linuxdisc gdm(pam_unix)[3165]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Dec 17 17:11:55 linuxdisc gdm-binary[3165]: nss_ldap: could not search LDAP server - Operations error
Dec 17 17:11:55 linuxdisc gdm-binary[3165]: pam_krb5[3165]: error resolving user name 'MY_USERNAME' to uid/gid pair
Dec 17 17:11:55 linuxdisc gdm-binary[3165]: pam_krb5[3165]: error getting information about 'MY_USERNAME'
Dec 17 17:11:55 linuxdisc gdm-binary[3165]: pam_ldap: ldap_search_s Operations error
Dec 17 17:11:59 linuxdisc gdm-binary[3165]: Couldn't authenticate user

The even wierder thing is that I have managed to add this machine to the domain.

I have clearly missed a step or two but am at a loose end so I would appreciate any help anyone can offer!

Thanks

Weeden

mccabemt · #2 2004-12-17, 02:18 PM CST

I'm not to familiar with Active Directory but I've run into similiar problems uing Open Afs. It turns out all it was was that I forgot to edit the gdm pam configuration file.

weeden · #3 2004-12-19, 07:55 AM CST

Ahh... That sounds like the cure.... I can only find documentation on the net about Suse Linux and it refers to pam_unix2.conf file which I can't find on FC2. Do you remember which file I need to edit, and or can you point me towards any doc's that might help?

Cheers

weeden · #4 2005-01-13, 04:08 AM CST

I found this which solved most of the problems.
http://www.redmondmag.com/columns/ar...itorialsID=858

It doesn't mention the following changes to the smb.conf file

idmap backend = ldap:ldap://ldapserver.domain.com
ldap idmap suffix = dc=domain,dc=com
ldap admin dn = cn=Administrator,cn=Users,dc=domain,dc=com
ldap suffix = dc=domain,dc=com

Save the conf file and run "smbpasswd -w ADMIN_DN_PASSWORD"

Then run: (to get the Windows User's Passwords and Groups)
getent passwd
getent group

Add to /etc/pam.d/system-auth
session optional /lib/security/$ISA/pam_mkhomedir.so

And you're ready to go! You will now beable to login via X with your Windows user name and password