Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.
COURSE of the MONTH
Free for PREMIUM members
Join a Windows 2000 Domain
I scoured the forums here and googled all information on this topic but was not able to do what I want to do. I'd really appreciate it if someone can walk me through this -
All I want to do is to get a RedHat 9 machine to join a Windows 2000 domain so I can log in with my network login here. Without joining the domain, I can still get to the internet but using other network resources is a bear. I have limited Administrative privileges for my department where I can easily create a machine name in Windows and attach it to the domain. In Windows XP Professional, all I have to do is go into the Computer Name tab in Systems properties and click on the Network ID button and can type in details like the machine name and domain and it joins the domain!
How do I do this exact thing in RH9?
Thanks in advance
All I want to do is to get a RedHat 9 machine to join a Windows 2000 domain so I can log in with my network login here. Without joining the domain, I can still get to the internet but using other network resources is a bear. I have limited Administrative privileges for my department where I can easily create a machine name in Windows and attach it to the domain. In Windows XP Professional, all I have to do is go into the Computer Name tab in Systems properties and click on the Network ID button and can type in details like the machine name and domain and it joins the domain!
How do I do this exact thing in RH9?
Thanks in advance
Asked:
-
2
-
2
- +3
1 Solution
do u have an nt domain or Active directory?
also i dont think there is a need for password server entry. you can code the wins server's ip(in case you work with an nt domain.)
also i dont think there is a need for password server entry. you can code the wins server's ip(in case you work with an nt domain.)
We current have a NT domain but will be moving to AD pretty soon (about 3 months or so). td_miles' suggestion worked wonderfully and I got the 'welcome to the domain' message. However, two questions:
1. Where to from here. Thinking in Windows terms, I can select the domain name at the login prompt and enter a valid username and password, and I would be authenticated. Does it work the same way in Linux/Samba?
2. How does the equation change when we move to AD?
Thanks
1. Where to from here. Thinking in Windows terms, I can select the domain name at the login prompt and enter a valid username and password, and I would be authenticated. Does it work the same way in Linux/Samba?
2. How does the equation change when we move to AD?
Thanks
for the second question, check http://insight.zdnet.co.uk/software/developer/0,39020469,2122363,00.htm
for the first part, i dont know exactly but you should check the support of your window manager.(i.e. KDE, gnome)
i know that you can make it against an LDAP server.
hope this helps.
for the first part, i dont know exactly but you should check the support of your window manager.(i.e. KDE, gnome)
i know that you can make it against an LDAP server.
hope this helps.
1. To authenticate your Linux box logons against the windows domain, you need to do two things:
(i). create an account on the linux box that has the SAME username as the windows domain account. Don't worry about making the password the same, just the username.
(ii). run the command "authconfig" from a Linux shell. Go to the section to configure SMB authentication. Enable it and put it your domain controller IP address(es).
Now when you logon to the Linux box will use the windows domain controller to authenticate your password. There may be a way to do this without a local user profile on the linux box, but I don't know of it. It is still using the local profile, just verifying the password using SMB authentication back to the windows domain.
2. Shouldn't change at all in AD. We have the exact same setup in a win2k AD domain and it works just fine.
(i). create an account on the linux box that has the SAME username as the windows domain account. Don't worry about making the password the same, just the username.
(ii). run the command "authconfig" from a Linux shell. Go to the section to configure SMB authentication. Enable it and put it your domain controller IP address(es).
Now when you logon to the Linux box will use the windows domain controller to authenticate your password. There may be a way to do this without a local user profile on the linux box, but I don't know of it. It is still using the local profile, just verifying the password using SMB authentication back to the windows domain.
2. Shouldn't change at all in AD. We have the exact same setup in a win2k AD domain and it works just fine.
What if you want any domain user to be able to log in to a linux box without having to add accounts for all users on the windows domain to the linux box.
Hi nerak99,
First you add winbind in your nsswitch.conf
passwd: files winbind
group: files winbind
hosts: files dns winbind
Add your realm to kerberos in krb.conf
Authenticate
#kinit user@REALM
Join the domain in Active directory
#net ads join -S DOMAIN -U user%passwd
Join the domain in NT Direcotry
#net rpc join -S DOMAIN -U user%passwd
In smb.conf ¨
Active Directory
[global]
security = ADS
password encrypt = yes
realm = REALM.COM
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template home = /home/win2k/%D/%U
winbind separator = +
NT directory
[global]
security = DOMAIN
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template home = /home/win2k/%D/%U
winbind separator = +
Create the home directories
run smb, nmb and winbind
you can probe winbind with
#wbinfo -u
#wbinfo -g
#getent passwd
#getent group
To a local login you need to edit your PAM settings, depend of your system.
In red hat, you need to edit the file system-auth.
In SuSe, login and xdm.
First you add winbind in your nsswitch.conf
passwd: files winbind
group: files winbind
hosts: files dns winbind
Add your realm to kerberos in krb.conf
Authenticate
#kinit user@REALM
Join the domain in Active directory
#net ads join -S DOMAIN -U user%passwd
Join the domain in NT Direcotry
#net rpc join -S DOMAIN -U user%passwd
In smb.conf ¨
Active Directory
[global]
security = ADS
password encrypt = yes
realm = REALM.COM
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template home = /home/win2k/%D/%U
winbind separator = +
NT directory
[global]
security = DOMAIN
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template home = /home/win2k/%D/%U
winbind separator = +
Create the home directories
run smb, nmb and winbind
you can probe winbind with
#wbinfo -u
#wbinfo -g
#getent passwd
#getent group
To a local login you need to edit your PAM settings, depend of your system.
In red hat, you need to edit the file system-auth.
In SuSe, login and xdm.
Check out:
http://www.redmondmag.com/columns/article.asp?EditorialsID=858
I followed this paper to the letter with Fedora Core 3 and it works very well... The only step I found missing was that I also needed to add a folder /home/"my domain name", and set its permissions to 777. Now I can login with any windows account. I have been trying to make this work for months, and this is the only time I have had success.
After you follow this article, then do the command:
wbinfo -g
This will show you your AD groups.
This next part is easiest if you install SWAT.
Start your samba daemons, create a share in samba and add:
valid users = "domain\security group"
Use the quotes, especially if your windows group name has any spaces in it, and make sure it matches what you saw in the wbinfo –g command.
http://www.redmondmag.com/columns/article.asp?EditorialsID=858
I followed this paper to the letter with Fedora Core 3 and it works very well... The only step I found missing was that I also needed to add a folder /home/"my domain name", and set its permissions to 777. Now I can login with any windows account. I have been trying to make this work for months, and this is the only time I have had success.
After you follow this article, then do the command:
wbinfo -g
This will show you your AD groups.
This next part is easiest if you install SWAT.
Start your samba daemons, create a share in samba and add:
valid users = "domain\security group"
Use the quotes, especially if your windows group name has any spaces in it, and make sure it matches what you saw in the wbinfo –g command.
Featured Post
Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.
-
2
-
2
- +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
[global]
netbios name = SAMBA
workgroup = NT_DOMAIN
password server = NT_PDC, NT_BDC_1, NT_BDC_2
security = domain
you should be able to use the command:
smbpasswd -j <domain> -r <PDC> -U <NT administrator>
which will then prompt you for the administrator password
This was all grabbed from the following URL:
http://samba.linuxbe.org/en/samba/config/domain-1.html