
11th April 2006, 01:49 AM
Registered User
Join Date: Dec 2005
Posts: 455

well, actually they do work. just look at the pics in post #2. you might not have them installed.
Code:
yum install authconfig-gtk system-config-network-tui

11th April 2006, 02:19 AM
Registered User
Join Date: Dec 2005
Posts: 455

Quote:
Originally Posted by obviousheart221
Is there a way I can change the join process so that Fedora doesn't attempt to create the new machine on the directory? I don't have administrator access to our corporate domain, however the machine's host exists on the directory. I just need to skip the step where it tries to create the machine on the domain and just bond with it. Any ideas?

i'm pretty sure u need administrative privileges. That sounds like a security flaw if you could get around it. but, if u pick the same name as an existing machine and join it, using administrative privileges, it'll modify the old account and overwrite it, kicking the old one off the domain.

17th April 2006, 11:08 PM
Registered User
Join Date: Apr 2006
Posts: 5

Ok, somewhere along the line I must have seriously screwed up and now it's not letting me log into my own machine, not even with the original root and password.
I got this far:
At this point you should be able to log into the domain test it out in a terminal session.
Everything was working great. It renamed the computer, it 'saw' the domain and joined it fine, it used the domain's authentication to allow me to join, the works.
I logged out, rebooted, then tried to log in. Whenever I give it a domain-based username and password, it simply spits out 'incorrect login'. When I simply try the original root and the original password, it doesn't spit out an error, but it refreshes the whole login screen as if I'd not typed anything. It's as if it's accepting some of the input, but spitting out the rest at some level.
Any tips on a work around? Any services at start up I can kill so it doesn't do whatever its doing? Or am I looking at a whole new build?

17th April 2006, 11:17 PM
Registered User
Join Date: Dec 2005
Posts: 455

did u not install pam_mount? it sounds like that is the problem. when booting up at the grub screen, press a. add 1 to the end. it'll now boot into a single-user with root privileges. modify your /etc/pam.d/ files and remove the auth required pam_mount.so line. then reboot, switch over to a tty and login as root. install pam_mount and all should be fine, if it's not pam_mount i'm not sure.
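
The lockout discussed in this reply is what happens when a file under /etc/pam.d names a module that is not installed. As an added example (not part of the original post), this shell function lists such modules so the stack can be checked before rebooting; the function name and the constructed sample layout are assumptions, and on a real system the arguments would be /etc/pam.d and the PAM module directory (for example /lib/security or /lib64/security).

```shell
# Added example: list PAM modules that a service file references but that
# are missing on disk. Usage: missing_pam_modules PAM_DIR MODULE_DIR
missing_pam_modules() {
    local pam_dir="$1" mod_dir="$2" file module
    for file in "$pam_dir"/*; do
        [ -f "$file" ] || continue
        # Print the module field of every rule line in this file.
        awk '
            { sub(/#.*/, "") }                    # drop comments
            NF < 3 { next }                        # not a rule line
            $2 == "include" || $2 == "substack" { next }  # 3rd field is a file name
            {
                i = 2
                if ($2 ~ /^\[/) {                  # [value=action ...] control
                    while (i <= NF && $i !~ /\]$/) i++
                }
                if (i + 1 <= NF) print $(i + 1)
            }
        ' "$file" | sort -u | while read -r module; do
            case $module in
                /*) [ -e "$module" ] || echo "${file##*/}: $module" ;;
                *)  [ -e "$mod_dir/$module" ] || echo "${file##*/}: $module" ;;
            esac
        done
    done
}

# Constructed sample: a login stack that names pam_mount.so while only
# pam_unix.so and pam_winbind.so exist in the module directory.
demo() {
    local d; d=$(mktemp -d)
    mkdir "$d/pam.d" "$d/security"
    touch "$d/security/pam_unix.so" "$d/security/pam_winbind.so"
    cat > "$d/pam.d/login" <<'EOF'
#%PAM-1.0
auth       required     pam_mount.so
auth       sufficient   pam_winbind.so
auth       [success=1 default=ignore] pam_unix.so nullok
account    include      system-auth
EOF
    missing_pam_modules "$d/pam.d" "$d/security"
    rm -rf "$d"
}
demo
```

Any line it prints is a rule whose module cannot be loaded; a `required` rule in that state fails every login through that service, root included.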

17th April 2006, 11:51 PM
Registered User
Join Date: Apr 2006
Posts: 5

Thanks for the quick reply. I went ahead and booted with the CD and did the rescue option, then replaced my /pam.d/login /samba/smb.conf and nsswitch.conf files with the original ones (I had done a back up).
I'm gonna go ahead and do this whole thing over now, see what steps I've done wrong.

17th April 2006, 11:59 PM
Registered User
Join Date: Apr 2006
Posts: 5

I checked, and I had not installed pam mount yet. I hadn't because I wasn't going to worry about drive mapping yet, just wanted to have the computer show up on the domain for now.
I have another question. In step 2 you state:
Quote:
2. run
Code:
system-config-authentication
under the authorization tab select enable winbind support. Then click on configure and enter the appropriate information for your network.
Winbind domain is your short domain name. If your domain is fedorarocks.com you would just enter fedorarocks here.
The security model is obviously ads
Winbind ADS Realm is your full domain name. Using the example above you'd enter fedorarocks.com
Winbind Domain Controllers is your primary domain controller (pdc) if you don't know what this is ask your network admin.
and for template shell select /bin/bash. Save and exit

I'm wondering why you only fill out the info for winbind in the authorization tab, but not the user information tab? Is it not needed?

19th April 2006, 09:59 AM
Registered User
Join Date: Mar 2006
Posts: 13

hi..
If my network didn't have any domain (all PCs linked using a switch, and I am the only user using Linux), can I join the Windows network?

19th April 2006, 03:54 PM
Registered User
Join Date: Dec 2005
Posts: 455

if all those pcs are simply hooked up by a switch, then what is there to join? i don't get it. if there's no server then all u can do is file and print sharing, and there are plenty of other how-to's which talk about that

19th April 2006, 05:18 PM
Registered User
Join Date: Apr 2006
Posts: 5

I just tried it again from scratch, and although it claims to have worked from Linux's side, I can't log in using my ADS usernames. When I check my primary domain controller's event log, it recognizes my PC as having tried to log in, but says it failed because my computer was not authenticated.
Does this thread assume you have already installed and have Kerberos active? If so, can you provide a basic Kerberos configuration for Windows 2000 Server?

19th April 2006, 09:35 PM
Registered User
Join Date: Dec 2005
Posts: 455

i have absolutely no clue on how to configure things server side. but i think that if you have an ads server that windows machines can authenticate to it should also work in linux, maybe you should try joining the domain again and see if that solves it

20th April 2006, 04:04 AM
Registered User
Join Date: Apr 2006
Posts: 5

You know, it's a weird thing. If you do not use the kerberos authentication, then it lets you join the w2k domain just fine. If you put it on, the authentication fails. I have a feeling that winbind already does the kerberos authentication by default. Or something behind the scenes must, because I don't think w2k would let me join computers to its domain without it.

20th April 2006, 09:44 PM
Registered User
Join Date: Apr 2006
Posts: 1

Quick question. I think I managed to get the domain authentication working on laptop.
My question is if the laptop is removed from the AD network (say the user brought it home).
I can no longer log in using the AD username and password.
Is there a way for linux to cache the credentials similar to M$ operating systems?
Thanks
Scott

21st April 2006, 12:53 AM
Registered User
Join Date: Dec 2005
Posts: 455

yes, there is. but i have no clue how, i never felt the need to set that up so you'll have to do some digging through google

24th April 2006, 04:26 AM
Registered User
Join Date: Mar 2006
Posts: 13

Quote:
Originally Posted by axelseap
if all those pcs are simply hooked up by a switch, then what is there to join? i don't get it. if there's no server then all u can do is file and print sharing, and there are plenty of other how-to's which talk about that

just set workgroup on every pc and for ip setting just let windows set ip address automatically.. we are using a router as a gateway to the internet..

27th April 2006, 07:16 AM
Registered User
Join Date: Aug 2004
Posts: 104

Hey AxelSeap,
Your tutorial works fine, i login using Samba and the shares are mounted automatically.
BUT:
I can just login once, after a logout and a new login, i get only a black screen with the mouse-pointer.
i already googled and wrote to the mailing-list, there was no response on this thread at all (perhaps because of insufficient information)
this was surprising then:
What wonders me even more, is the output of ps -ef:
root 4135 2077 0 19:27 ? 00:00:00 /usr/sbin/gdm-binary -nodaemon
root 4164 4135 0 19:27 ? 00:00:00 /usr/sbin/gdm-binary -nodaemon
root 16666 4164 8 20:15 tty7 00:00:02 /usr/bin/Xorg :0 -audit 0 -auth
gdm 16677 4164 4 20:15 ? 00:00:00 [gdmgreeter] <defunct>
killing then the 1st line brings me back to login-screen, and after
login all works fine again, until i logout and try to login again.
What do you think about this issue?
Roger