- 03-04-2013 #1 Just Joined! (Join Date: Mar 2013; Posts: 2)
CentOS 5.8 join Windows Server 2008 AD domain and login with AD users
Dear users,
I'm trying to add a CentOS to a Windows Server 2008 domain.
The CentOS is joined to the domain and now I want to login with Windows users on the CentOS machines.
Domain = testlab.local
I tried the following commands to test if everything works:
kinit administrator = Works
wbinfo -t = Succeeded
wbinfo -g = All AD groups are shown
wbinfo -a administrator%password = Plaintext and challenge/response Succeeded
id administrator = Fails (No such user)
When I try to log in with a domain user it states "Login incorrect".
Any idea what I am missing or I have forgotten to do?
This is what is changed/added into CentOS:
Installed kerberos:
yum install krb5-libs
yum install krb5-workstation
yum install krb5-server
Installed samba:
yum install samba
yum install samba-client
yum install samba-winbind
Start winbind and samba on start-up:
chkconfig smb on [Enter]
chkconfig winbind on [Enter]
Added the following to the /etc/krb5.conf:
[libdefaults]
default_realm = TESTLAB.LOCAL
[realms]
TESTLAB.LOCAL = {
kdc = dc01.testlab.local
admin_server = dc01.testlab.local
}
[domain_realm]
.testlab.local = TESTLAB.LOCAL
testlab.local = TESTLAB.LOCAL
Added the following to the /etc/samba/smb.conf:
workgroup = TESTLAB
server string = CentOS
netbios name = CentOS
security = ads
realm = TESTLAB.LOCAL
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
allow trusted domains = Yes
template shell = /bin/bash
idmap uid = 600-20000
idmap gid = 600-20000
# 172.16.52.1 is the domain server
password server = 172.16.52.1
Added the following to the /etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
Added the following to the /etc/pam.d/system-auth-ac:
auth sufficient pam_winbind.so use_first_pass
account sufficient pam_winbind.so use_first_pass
password sufficient pam_winbind.so use_first_pass
session optional pam_winbind.so use_first_pass
Joined the CentOS to the domain with the following command:
net ads join -U administrator (Worked like a charm)
Checked in the Server 2008 AD and CentOS was added.
id administrator = Fails (No such user)
When typing id, the administrator is not listed.
Last edited by Robin_hood; 03-04-2013 at 10:57 AM. Reason: Added config
- 03-04-2013 #2 Just Joined! (Join Date: Sep 2012; Location: Nashville, TN; Posts: 67)
What format are you using to log in with? I think it is <domain>+<username> instead of <domain>\<username>.
- 03-05-2013 #3 Just Joined! (Join Date: Mar 2013; Posts: 2)
I thought that default_realm = TESTLAB.LOCAL would mean you don't need to enter the domain when trying to log in.
I found the problem though. I forgot to add:
idmap uid = 600-20000
idmap gid = 600-20000
I typed it above, but forgot to type it into the config itself.
Can someone also explain how to configure it so that only users who are members of a particular group, like Domain Admins, can log in?


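The failure resolved in post #3 (the join, kinit and wbinfo -g all work, but id finds no user because the idmap ranges never reached smb.conf) can be caught by linting the file before restarting winbind. The script below is an added example, not part of the thread; the names check_winbind_conf and sample_missing_idmap and the sample config are constructed for illustration, and it checks only the parameter names used in the thread.

```shell
# Added example, not from the thread. Lints the [global] section of an
# smb.conf read on stdin for the winbind settings discussed above.
# Prints one line per finding; exit status is the number of findings.
check_winbind_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function check_range(k,    p, v) {
        if (!(k in val)) { print "MISSING " k; bad++; return }
        v = val[k]; gsub(/[ \t]/, "", v)
        if (split(v, p, "-") != 2 || p[1] !~ /^[0-9]+$/ ||
            p[2] !~ /^[0-9]+$/ || p[1] + 0 >= p[2] + 0) {
            print "INVALID " k " = " val[k]; bad++
        }
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comment or blank line
    /^[ \t]*\[/ { section = tolower(trim($0)); next }
    section == "[global]" {
        i = index($0, "=")
        if (i == 0) next
        key = tolower(trim(substr($0, 1, i - 1)))
        gsub(/[ \t]+/, " ", key)                  # collapse inner whitespace
        val[key] = trim(substr($0, i + 1))
    }
    END {
        # Without both ranges winbind cannot map AD accounts to Unix IDs:
        # wbinfo -g still lists groups, but "id <user>" says no such user.
        check_range("idmap uid")
        check_range("idmap gid")
        if (tolower(val["security"]) == "ads" && !("realm" in val)) {
            print "MISSING realm (needed with security = ads)"; bad++
        }
        if (("template shell" in val) && val["template shell"] !~ /^\//) {
            print "INVALID template shell = " val["template shell"]; bad++
        }
        exit bad + 0
    }'
}

# Constructed sample: a config where the idmap lines were left out.
sample_missing_idmap() {
    cat <<'EOF'
[global]
   security = ads
   realm = TESTLAB.LOCAL
   template shell = /bin/bash
EOF
}
sample_missing_idmap | check_winbind_conf || echo "findings: $?"
```

On a real host, feed it the live file with check_winbind_conf < /etc/samba/smb.conf; a non-zero exit status means winbind should not be restarted yet.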
