Solved

Active directory and Debian

Posted on 2008-10-31
Last Modified: 2013-12-24
Hello,
Is there any way to match Windows 2003 Active Directory to Debian?
I mean I want to create a user in Debian but have the password read from Active Directory.
Thanks
0
Question by:Aida2
23 Comments
 
LVL 29

Expert Comment

by:fosiul01
ID: 22849668
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22849691
0
 
LVL 1

Author Comment

by:Aida2
ID: 22853429
Hello,
Thanks for your suggestion.
I get this error:
kinit(v5): Improper format of Kerberos configuration file while initializing Kerberos 5 library
My /etc/krb5.conf looks like this:

[libdefaults]
        default_realm = test.local
        dns_lookup_realm = false
        dns_lookup_kdc = false
// clock_skew = 300
        ticket_lifetime = 24h
        forwardable = yes

# The following krb5.conf variables are only for MIT Kerberos.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }
        fcc-mit-ticketflags = true

[logging]

        default = FILE:/var/log/krb5.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log

[realms]
        test.local = {
                kdc = ford.test.local
                admin_server = ford.test.local
                default_domain = test.local
                        }
        ATHENA.MIT.EDU = {
                kdc = kerberos.mit.edu:88
                kdc = kerberos-1.mit.edu:88
                kdc = kerberos-2.mit.edu:88
                admin_server = kerberos.mit.edu
                default_domain = mit.edu
        }
        MEDIA-LAB.MIT.EDU = {
                kdc = kerberos.media.mit.edu
                admin_server = kerberos.media.mit.edu
        }
        ZONE.MIT.EDU = {
                kdc = casio.mit.edu
                kdc = seiko.mit.edu
                admin_server = casio.mit.edu
        }
        MOOF.MIT.EDU = {
                kdc = three-headed-dogcow.mit.edu:88
                kdc = three-headed-dogcow-1.mit.edu:88
                admin_server = three-headed-dogcow.mit.edu
        }
        CSAIL.MIT.EDU = {
                kdc = kerberos-1.csail.mit.edu
                kdc = kerberos-2.csail.mit.edu
                admin_server = kerberos.csail.mit.edu
                default_domain = csail.mit.edu
                krb524_server = krb524.csail.mit.edu
        }
        IHTFP.ORG = {
                kdc = kerberos.ihtfp.org
                admin_server = kerberos.ihtfp.org
        }
        GNU.ORG = {
                kdc = kerberos.gnu.org
                kdc = kerberos-2.gnu.org
                kdc = kerberos-3.gnu.org
                admin_server = kerberos.gnu.org
        }
        1TS.ORG = {
                kdc = kerberos.1ts.org
                admin_server = kerberos.1ts.org
        }
        GRATUITOUS.ORG = {
                kdc = kerberos.gratuitous.org
                admin_server = kerberos.gratuitous.org
        }
        DOOMCOM.ORG = {
                kdc = kerberos.doomcom.org
                admin_server = kerberos.doomcom.org
        }
        ANDREW.CMU.EDU = {
                kdc = vice28.fs.andrew.cmu.edu
                kdc = vice2.fs.andrew.cmu.edu
                kdc = vice11.fs.andrew.cmu.edu
                kdc = vice12.fs.andrew.cmu.edu
                admin_server = vice28.fs.andrew.cmu.edu
                default_domain = andrew.cmu.edu
        }
        CS.CMU.EDU = {
                kdc = kerberos.cs.cmu.edu
                kdc = kerberos-2.srv.cs.cmu.edu
                admin_server = kerberos.cs.cmu.edu
        }
        DEMENTIA.ORG = {
                kdc = kerberos.dementia.org
                kdc = kerberos2.dementia.org
                admin_server = kerberos.dementia.org
        }
        stanford.edu = {
                kdc = krb5auth1.stanford.edu
                kdc = krb5auth2.stanford.edu
                kdc = krb5auth3.stanford.edu
                admin_server = krb5-admin.stanford.edu
                default_domain = stanford.edu
        }

[domain_realm]
        .kerbos.server = test.local
        .DOMAIN.LOCAL = test.local
        .mit.edu = ATHENA.MIT.EDU
        mit.edu = ATHENA.MIT.EDU
        .media.mit.edu = MEDIA-LAB.MIT.EDU
        media.mit.edu = MEDIA-LAB.MIT.EDU
        .csail.mit.edu = CSAIL.MIT.EDU
        csail.mit.edu = CSAIL.MIT.EDU
        .whoi.edu = ATHENA.MIT.EDU
        whoi.edu = ATHENA.MIT.EDU
        .stanford.edu = stanford.edu

[login]
        krb4_convert = true
        krb4_get_tickets = false

_________________
Please Help
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22854052
Hi, I did not implement this before,
but let's try to fix it.
Which tutorial are you trying to follow, and which command gave you this error?
If you can tell me, I could look into this.
Thanks
0
 
LVL 1

Author Comment

by:Aida2
ID: 22854123
I followed your first link
http://rubenleusink.com/debian-linux-filesharing-with-microsoft-active-directory-authentication-2008-10-07/
After installing all the packages I edited the file krb5.conf, then I ran the command (in step 4)
kinit administrator@test.local and I got this error:

kinit(v5): Improper format of Kerberos configuration file while initializing Kerberos 5 library
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22854207
While I look for other documents,
have a look at this one:
https://bugs.launchpad.net/ubuntu/+source/kerberos-configs/+bug/179142

also :
Error Message


Improper format of Kerberos configuration file

Reason Occurred
The Kerberos configuration file (krb5.conf) has invalid entries.

Solution
Make sure all the relations in the krb5.conf file are followed by the "=" sign and a value, and verify that the brackets are present in pairs for each subsection.


Do those make any sense??

I am searching more..
0
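The two checks quoted in the comment above (every relation is followed by "=" and a value, and braces come in pairs), written as a small Python linter. This is an added example, not part of the original thread: the sample file and its realm and host names are constructed, and the single-token tag rule and the '#' / ';' comment rule are assumptions modelled on MIT-style krb5.conf syntax.

```python
import re

# Constructed sample (not the poster's file) with four deliberate defects.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    // clock_skew = 300
    ticket_lifetime
[realms]
    EXAMPLE.TEST = {
        kdc = dc1.example.test
        admin_server =
"""

SECTION = re.compile(r"^\[[^\]]+\]$")


def lint_krb5_conf(text):
    """Return sorted (line_number, message) findings for krb5.conf-style text."""
    findings, open_braces = [], []  # open_braces: line numbers of unclosed '{'
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line, or a '#' / ';' comment
            continue
        if SECTION.match(line):
            # Assumption: a subsection must be closed before the next [section].
            findings += [(b, "'{' never closed") for b in open_braces]
            open_braces = []
        elif line == "}":
            if open_braces:
                open_braces.pop()
            else:
                findings.append((n, "'}' without matching '{'"))
        else:
            tag, eq, value = (p.strip() for p in line.partition("="))
            if not eq:
                findings.append((n, "relation has no '=' sign"))
            elif not tag or re.search(r"\s", tag):
                # Assumption: a tag is a single token, so '// x = 1' is malformed.
                findings.append((n, "malformed tag before '='"))
            elif not value:
                findings.append((n, "no value after '='"))
            elif value == "{":
                open_braces.append(n)
    findings += [(b, "'{' never closed") for b in open_braces]
    return sorted(findings)


if __name__ == "__main__":
    for lineno, message in lint_krb5_conf(SAMPLE):
        print(f"line {lineno}: {message}")
```

To check a real file, pass its contents: `lint_krb5_conf(open("/etc/krb5.conf").read())`.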
 
LVL 29

Expert Comment

by:fosiul01
ID: 22854228
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22854266
if i check your krb5.conf and the tutorial

you have
[login]
        krb4_convert = true
        krb4_get_tickets = false

extra, is that all right??
0
 
LVL 1

Author Comment

by:Aida2
ID: 22856201
Yes, it was the default; I don't use krb4.
What about my domain and server? In all the examples I can see they are written in uppercase.
And I don't.
0
 
LVL 1

Author Comment

by:Aida2
ID: 22865161
Hello,
Now it works and I joined my server to the domain, but in step 9 when I run wbinfo -u it should list
all domain users, but I get an error:
Error looking up domain users

ANY IDEA?
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22865377
Hi, yeah, sorry, due to the weekend I was on holiday.

Let me look at the tutorial again.
I will come back to you soon.
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22865467
check this one

http://www.experts-exchange.com/Networking/Unix_Networking/Q_21492200.html

"Does your PDC know itself by name you call it in /etc/hosts ???"

From Google, it's sure it's a DNS issue.

Let me check a little more.
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22865499
What about the user permission??
From the Linux box you have connected to Windows AD, and from the Linux box you are trying to get domain user information from Windows AD, isn't it??

So the user name you are trying to use, does it have proper permission to do this query??
0
 
LVL 1

Author Comment

by:Aida2
ID: 22865840
I tried to run the command sudo net ads join -U "DOMAINADMIN" with administrator for "DOMAINADMIN":
sudo net ads join -U administrator
administrator's password:
[2008/11/03 11:34:48, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Interrupted system call
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22866040
Check this one, it's a DNS issue:

http://bbs.archlinux.org/viewtopic.php?id=31255

I will have a look some more, just give me a little more time.
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 63 total points
ID: 22866367
http://www.informit.com/content/images/0131882228/downloads/0131882228_book.pdf

page 441

Just read it, and check if this is the same as your configuration.

The problem is: either password or DNS.
0
 
LVL 1

Author Comment

by:Aida2
ID: 22878151
Hello,
Thanks for your advice, all is fine and working. How can I create users and sync with my AD?
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22878226
Hahaha, you don't have to thank me, because if it works, it's working for you.

I have really never worked with Ubuntu, I was just trying to help you with Google searches, that's all.

About sync with AD, let me have a look in Google again, I will come back to you.

But that tutorial does not say anything about sync with AD??

0
 
LVL 1

Author Comment

by:Aida2
ID: 22884505
I have Debian, not Ubuntu. When I run wbinfo -u on my Debian box I can see all the users in my Active Directory.
How can I sync users? I mean, should I create a user on the Linux box, and then how can I tell it to sync the password with AD?
I have no users on my Linux box.
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22884538
Hmm, tell me something.

you can the username from AD
Pick a username which is in AD, and try to log on with that username in Ubuntu, does it work??
0
 
LVL 1

Author Comment

by:Aida2
ID: 22903505
Yes, it's working, but the user doesn't have permission to create a directory or do anything.
What the user can see is his directory (doesn't have permission to open it) and the printer.
0
 
LVL 3

Assisted Solution

by:coanda
coanda earned 62 total points
ID: 22957863
if you've set passwd and group in /etc/nsswitch.conf to use winbind then that's where the user/group will come from, which means if you're trying to create a directory the directory that it's being created in needs to have the appropriate permissions for your user/group that are from winbind. you can see what groups that your user is part of by:

$ groups user

once you know that you can change permissions on the directory to be what you want them to, linux file permissions are set using read/write/execute bits for user/group/other. for example, if you wanted to give the user and the group read and write permissions on a file/directory and only read for everyone outside of the group you would:

$ sudo chown ADUser:ADGroup /path/to/file
$ sudo chmod u=rw,g=rw,o=r /path/to/file
0
