User validation in Windows PDC

fjleal · #1 19th March 2004, 09:08 AM

Greetings!

I need to configure some FC1 client workstations to allow the users of a Windows PDC to log in (and to be validated against that PDC, not locally on FC1). The Windows server and the FC1 client machines are on the same network. I've been reading about winbind and pam authentication modules, but winbind doesn't even start on my test workstation (maybe I need to fully install Samba?...).

Is there an easier way to do this? Does anyone have some experience regarding such subject?

Thanks a lot!

kmg_usmc · #2 19th March 2004, 07:52 PM

This is from memory, but have you tried authconfig? Click on the "Authentication" tab, and select to enable SMB Authentication. There should then be a button to configure SMB for your network.

fjleal · #3 19th March 2004, 08:43 PM

Yes, there is. Actually, that's the first thing I did. But after selecting SMB and filling the server name and workgroup name fields, I try to login with any Windows Domain user and I get an error message (user doesn't exist).
It seems to me that the logins are not validated against the PDC, even with the SMB login selected and the PDC info correctly filled...

h4d · #4 26th April 2004, 07:21 PM

Hi, I'm having the same problem: Trying to get the FC1 machines to login to a WinNT Domain Controlers, in order for all the users to have the same profile accross the network. Please let me know if you found out a way of doing this!

cheers

hob · #5 2nd May 2004, 12:20 PM

authconfig didn't work on my FC1 test box either, although it may be because it didn't have a valid machine account on the domain.

There are step-by-step instructions in the docs for making Samba a member server:

/usr/share/doc/samba-3.0.2/docs/htmldocs/domain-member.html#ads-member

HTH

jeru · #6 5th May 2004, 09:48 AM

Not really an easier way to do it, you are going to have to use winbind.

the best source of information on this is;
man winbindd
and
lynx winbind.html
or whatever you want to read
/usr/share/doc/samba-x.x.x/docs/htmldocs/winbind.html
or
http://us1.samba.org/samba/ftp/docs/...s/winbind.html

simply joining ads doesn't fix the unix portion that needs to be in place for NT users to log on locally to the linux workstation.... You still need something to bridge those users and groups to the local system. (aka winbind)

If it doesn't start, you are still missing something. I don't know what that is without knowing what you've done so far.

blue_error · #7 6th May 2004, 11:04 PM

I have this this setup working on a box of mine.

What I did was installed the latest version of samba from source. And copied over the new libnss_winbind.so from the <samba source/source directory to /lib and made a symlink from libnss_winbind.so to libnss_winbind.so.2

Code:

ln -s /lib/libnss_winbind.so libnss_winbind.so.2

then join to domain:

Code:

/usr/local/samba/bin/net rpc join -U <username>

then you need to add winbind to your nsswitch.conf

edit as necessary so it looks like this:

passwd: files winbind
shadow: files winbind
group: files winbind

Now type:

Code:

getent passwd

Your local accounts and domain accounts should now show up.

fjleal · #8 6th May 2004, 11:55 PM

Hummm... Can your Windows Domain users login in the Linux box? How about home directories, user IDs...?

From the Samba documentation, I got the idea that Samba may be used as a PDC, so that the Windows workstations would register with that "domain"... I need to read a lot more about Samba (and it surely has a lot to read...) , but having Windows workstations acting as clients to a Samba server would be an even better solution. Having a centralised users control if essential to me. Probably someone has already done this?...

Thanks a lot!

jeru · #9 7th May 2004, 12:25 AM

Quote:

Originally posted by fjleal
Hummm... Can your Windows Domain users login in the Linux box? How about home directories, user IDs...?

Yep.....

Look closer at the previous 2 posts. Home directories will be created when the user logs on just like NT profiles on a NT box.

htw · #10 27th May 2004, 03:27 PM

Hi,

after millons of docs and the instruction of the former post I´m still facing two problems:

1. the home directors have to be in place - there is no auto function for creating home dirs for new Domain users
2. It is nice to login when my notebook is connected to the intranet but without connection no authentication - is there a simple way to get the domain users locally created

Info: Login name is: DOMAINNAME\username

Any ideas?

Harald