Re: [SLE] Suse 9.0 and Active Directory
From: Silviu Marin-Caea (silviu_at_genesys.ro)
Date: Thu, 11 Dec 2003 17:41:21 +0200 To: email@example.com
Silviu Marin-Caea wrote:
> Brenden Bryan wrote:
>> I have a SuSE 9.0 Professional box that I've joined to my Active
>> domain using YAST. When I log out, I have a list of all of the domain
>> accounts to select from. When I attempt to select my DOMAIN\USER
>> account and
>> try to authenticate, I get an error message stating:
>> Xsession: login for DOMAIN\USER is disabled.
>> I'm then kicked back out to the login prompt. What do I need to do to
>> this account to login into the machine?
> I'm affraid it's a little more complicated than this.
> Read the winbind documentation, and pam_mkhomedir.
> I have all this working, I'll post a mini-HOWTO but I don't have the
> time, just right now.
Ok so, here there are some ready made configs. You have to read the
winbind documentation, or else.
passwd: compat winbind
group: compat winbind
/etc/pam.d/login (all of it)
#auth requisite pam_unix2.so nullok #set_secrpc
auth sufficient pam_winbind.so
auth required pam_unix2.so use_first_pass
auth required pam_securetty.so
auth required pam_nologin.so
#auth required pam_homecheck.so
auth required pam_env.so
auth required pam_mail.so
account sufficient pam_winbind.so
account sufficient pam_unix2.so
password required pam_pwcheck.so nullok
session required pam_unix2.so none # debug or trace
session required pam_limits.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
session optional pam_mount.so
security = domain
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
template shell = /bin/bash
server string = Samba Server
template homedir = /home/%D+%U
Join the linux machine to the domain
smbpasswd -j DOMAIN -U Administrator%yourpassword
have nmb, smb and winbind running
chkconfig --add nmb...
To change the password in Active Directory from the Linux machine:
smbpasswd -r domain_controller -U username
I didn't figure it out how to configure /etc/pam.d/passwd properly to be
able to use the UNIX passwd utility for this.
I hope I didn't forget anything. Sorry it's not in more detail.
-- Check the headers for your unsubscription address For additional commands send e-mail to firstname.lastname@example.org Also check the archives at http://lists.suse.com Please read the FAQs: email@example.com