Re: [SLE] Suse 9.0 and Active Directory

From: Silviu Marin-Caea (silviu_at_genesys.ro)
Date: 12/11/03

    Date: Thu, 11 Dec 2003 17:41:21 +0200
    To: suse-linux-e@suse.com
    
    

    Silviu Marin-Caea wrote:
    > Brenden Bryan wrote:
    >
    >> I have a SuSE 9.0 Professional box that I've joined to my Active Directory
    >> domain using YAST. When I log out, I have a list of all of the domain user
    >> accounts to select from. When I attempt to select my DOMAIN\USER account and
    >> try to authenticate, I get an error message stating:
    >> Xsession: login for DOMAIN\USER is disabled.
    >>
    >> I'm then kicked back out to the login prompt. What do I need to do to enable
    >> this account to login into the machine?
    >
    >
    > I'm afraid it's a little more complicated than this.
    >
    > Read the winbind documentation, and pam_mkhomedir.
    >
    > I have all this working, I'll post a mini-HOWTO but I don't have the
    > time, just right now.

    OK so, here are some ready-made configs. You have to read the
    winbind documentation, or else.

    in /etc/nsswitch.conf
    passwd: compat winbind
    group: compat winbind

    /etc/pam.d/login (all of it)
    #%PAM-1.0
    #auth requisite pam_unix2.so nullok #set_secrpc
    auth sufficient pam_winbind.so
    auth required pam_unix2.so use_first_pass
    auth required pam_securetty.so
    auth required pam_nologin.so
    #auth required pam_homecheck.so
    auth required pam_env.so
    auth required pam_mail.so
    account sufficient pam_winbind.so
    account sufficient pam_unix2.so
    password required pam_pwcheck.so nullok
    session required pam_unix2.so none # debug or trace
    session required pam_limits.so
    session required pam_mkhomedir.so skel=/etc/skel umask=0022
    session optional pam_mount.so

    /etc/samba/smb.conf
        security = domain
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind separator = +
        template shell = /bin/bash
        server string = Samba Server
        template homedir = /home/%D+%U

    Join the linux machine to the domain
    smbpasswd -j DOMAIN -U Administrator%yourpassword

    have nmb, smb and winbind running
    rcnmb start...
    chkconfig --add nmb...

    To change the password in Active Directory from the Linux machine:
    smbpasswd -r domain_controller -U username
    I didn't figure out how to configure /etc/pam.d/passwd properly to be
    able to use the UNIX passwd utility for this.

    I hope I didn't forget anything. Sorry it's not in more detail.

    -- 
    Check the headers for your unsubscription address
    For additional commands send e-mail to suse-linux-e-help@suse.com
    Also check the archives at http://lists.suse.com
    Please read the FAQs: suse-linux-e-faq@suse.com
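
Added example (not part of the original post): in the /etc/pam.d/login above, a successful `sufficient` pam_winbind.so ends the auth stack at once, so the `required` modules listed after it (pam_securetty.so and pam_nologin.so among them) never run for domain users. The shell function below reports such modules for a PAM service file; the names pam_skipped and sample_login_stack are made up for this example, and the sample input is constructed from the auth and account lines of that config.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: only the simple control keywords (required, requisite,
# sufficient, optional) are used; bracketed controls and include lines
# are not interpreted.

# pam_skipped [FILE]  (reads stdin when no file is given)
# Prints one line per finding:
#   <type> <module that is skipped> <sufficient module that short-circuits it>
pam_skipped() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }        # skip comments and blank lines
        {
            type = $1; ctl = $2; mod = $3
            if (ctl == "sufficient" && !(type in first))
                first[type] = mod            # earliest sufficient module per type
            else if ((ctl == "required" || ctl == "requisite") && (type in first))
                print type, mod, first[type] # not reached when first[type] succeeds
        }
    ' "$@"
}

# Constructed sample: auth and account lines copied from the login stack above.
sample_login_stack() {
    cat <<'EOF'
#%PAM-1.0
auth sufficient pam_winbind.so
auth required pam_unix2.so use_first_pass
auth required pam_securetty.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_mail.so
account sufficient pam_winbind.so
account sufficient pam_unix2.so
EOF
}

# Stand-alone run: show the findings for the sample stack.
sample_login_stack | pam_skipped
```

On a real system, run it as `pam_skipped /etc/pam.d/login`; any module that must apply to domain accounts as well has to appear before the `sufficient` line of its type.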
    
