  1. #1
    Just Joined!
    Join Date
    Mar 2013
    Posts
    2

    CentOS 5.8 join Windows Server 2008 AD domain and login with AD users


    Dear users,

    I'm trying to add a CentOS to a Windows Server 2008 domain.
    The CentOS is joined to the domain and now I want to login with Windows users on the CentOS machines.
    Domain = testlab.local

    I tried the following commands to test if everything works:
    kinit administrator = Works
    wbinfo -t = Succeeded
    wbinfo -g = All AD groups are shown
    wbinfo -a administrator%password = Plaintext and challenge/response Succeeded
    id administrator = Fails (No such user)

    When I try to log in with a domain user it states "Login incorrect".


    Any idea what I am missing or I have forgotten to do?



    This is what is changed/added into CentOS:
    Installed kerberos:
    yum install krb5-libs
    yum install krb5-workstation
    yum install krb5-server

    Installed samba:
    yum install samba
    yum install samba-client
    yum install samba-winbind

    start winbind and samba on start-up:
    chkconfig smb on [Enter]
    chkconfig winbind on [Enter]

    Added the following to the /etc/krb5.conf:
    [libdefaults]
    default_realm = TESTLAB.LOCAL

    [realms]
    TESTLAB.LOCAL = {
    kdc = dc01.testlab.local
    admin_server = dc01.testlab.local
    }

    [domain_realm]
    .testlab.local = TESTLAB.LOCAL
    testlab.local = TESTLAB.LOCAL


    Added the following to the /etc/samba/smb.conf:
    workgroup = TESTLAB
    server string = CentOS
    netbios name = CentOS
    security = ads
    realm = TESTLAB.LOCAL
    winbind use default domain = Yes
    winbind nested groups = Yes
    winbind separator = +
    allow trusted domains = Yes
    template shell = /bin/bash
    idmap uid = 600-20000
    idmap gid = 600-20000
    password server = 172.16.52.1 (Domain server)


    Added the following to the /etc/nsswitch.conf:
    passwd: files winbind
    shadow: files winbind
    group: files winbind


    Added the following to the /etc/pam.d/system-auth-ac:
    auth sufficient pam_winbind.so use_first_pass
    account sufficient pam_winbind.so use_first_pass
    password sufficient pam_winbind.so use_first_pass
    session optional pam_winbind.so use_first_pass

    Joined the CentOS to the domain with the following command:
    net ads join -U administrator (Worked like a charm)

    Checked in the Server 2008 AD and CentOS was added.

    id administrator = Fails (No such user)
    When typing id, the administrator is not listed.
    Last edited by Robin_hood; 03-04-2013 at 10:57 AM. Reason: Added config

  2. #2
    Just Joined!
    Join Date
    Sep 2012
    Location
    Nashville, TN
    Posts
    97
    What format are you using to log in? I think it is <domain>+<username> instead of <domain>\<username>.

  3. #3
    Just Joined!
    Join Date
    Mar 2013
    Posts
    2
    I thought the default_realm = TESTLAB.LOCAL would mean that you don't need to enter the domain when trying to log in.

    I found the problem though. I forgot to add:
    idmap uid = 600-20000
    idmap gid = 600-20000

    I typed it above, but forgot to type it into the config itself.
    Can someone also explain how you can configure it so that only users that are members of a particular group can log in, like Domain Admins?
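
The root cause found in this thread (winbind authenticates the user, but `id` reports no such user because `idmap uid` / `idmap gid` never made it into smb.conf) can be caught with a static check before testing logins. The script below is an added example, not part of the original posts; the function names and the sample files are constructed for illustration, and it checks only the two parameter names used in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): lint for the missing-idmap mistake.

# Print an smb.conf parameter's value; the name is matched case-insensitively
# with whitespace runs collapsed, and comment lines (# or ;) are skipped.
smb_param() {  # usage: smb_param FILE "param name"
    awk -F= -v want="$2" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = tolower($1); gsub(/[ \t]+/, " ", key); gsub(/^ | $/, "", key)
            if (key == want) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val); found = val
            }
        }
        END { print found }' "$1"
}

valid_range() {  # succeeds only for LOW-HIGH with LOW < HIGH
    case "$1" in
        *[!0-9-]*|-*|*-|*-*-*|'') return 1 ;;
        *-*) [ "${1%-*}" -lt "${1#*-}" ] ;;
        *) return 1 ;;
    esac
}

check_winbind_mapping() {  # usage: check_winbind_mapping SMB_CONF NSSWITCH_CONF
    rc=0
    for p in "idmap uid" "idmap gid"; do
        v=$(smb_param "$1" "$p" | tr -d ' \t')
        if [ -z "$v" ]; then
            echo "MISSING: '$p' is not set in $1"; rc=1
        elif ! valid_range "$v"; then
            echo "INVALID: '$p = $v' is not LOW-HIGH"; rc=1
        fi
    done
    for db in passwd group; do
        grep -Eq "^[[:space:]]*$db:.*[[:space:]]winbind([[:space:]]|\$)" "$2" ||
            { echo "MISSING: winbind not listed for '$db' in $2"; rc=1; }
    done
    return $rc
}

# Constructed sample: an smb.conf without the idmap lines, as in the thread.
tmp=$(mktemp -d)
printf '[global]\nsecurity = ads\nrealm = TESTLAB.LOCAL\n' > "$tmp/smb.conf"
printf 'passwd: files winbind\ngroup: files winbind\n' > "$tmp/nsswitch.conf"
check_winbind_mapping "$tmp/smb.conf" "$tmp/nsswitch.conf" || echo "not ready for AD logins"
rm -rf "$tmp"
```

To check a live host, call `check_winbind_mapping /etc/samba/smb.conf /etc/nsswitch.conf`; a non-zero exit status means at least one of the prerequisites is missing.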
