Active Directory and Debian

Hello,
Is there any way to match Windows 2003 Active Directory to Debian?
I mean I want to create a user in Debian but have the password read from Active Directory.
Thanks
Aida2 Asked:
fosiul01 Commented:
0
Aida2 Author Commented:
Hello,
Thanks for your suggestion.
I get this error:
kinit(v5): Improper format of Kerberos configuration file while initializing Kerberos 5 library
My /etc/krb5.conf looks like this:

[libdefaults]
        default_realm = test.local
        dns_lookup_realm = false
        dns_lookup_kdc = false
// clock_skew = 300
        ticket_lifetime = 24h
        forwardable = yes

# The following krb5.conf variables are only for MIT Kerberos.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }
        fcc-mit-ticketflags = true

[logging]

        default = FILE:/var/log/krb5.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log

[realms]
        test.local = {
                kdc = ford.test.local
                admin_server = ford.test.local
                default_domain = test.local
                        }
        ATHENA.MIT.EDU = {
                kdc = kerberos.mit.edu:88
                kdc = kerberos-1.mit.edu:88
                kdc = kerberos-2.mit.edu:88
                admin_server = kerberos.mit.edu
                default_domain = mit.edu
        }
        MEDIA-LAB.MIT.EDU = {
                kdc = kerberos.media.mit.edu
                admin_server = kerberos.media.mit.edu
        }
        ZONE.MIT.EDU = {
                kdc = casio.mit.edu
                kdc = seiko.mit.edu
                admin_server = casio.mit.edu
        }
        MOOF.MIT.EDU = {
                kdc = three-headed-dogcow.mit.edu:88
                kdc = three-headed-dogcow-1.mit.edu:88
                admin_server = three-headed-dogcow.mit.edu
        }
        CSAIL.MIT.EDU = {
                kdc = kerberos-1.csail.mit.edu
                kdc = kerberos-2.csail.mit.edu
                admin_server = kerberos.csail.mit.edu
                default_domain = csail.mit.edu
                krb524_server = krb524.csail.mit.edu
        }
        IHTFP.ORG = {
                kdc = kerberos.ihtfp.org
                admin_server = kerberos.ihtfp.org
        }
        GNU.ORG = {
                kdc = kerberos.gnu.org
                kdc = kerberos-2.gnu.org
                kdc = kerberos-3.gnu.org
                admin_server = kerberos.gnu.org
        }
        1TS.ORG = {
                kdc = kerberos.1ts.org
                admin_server = kerberos.1ts.org
        }
        GRATUITOUS.ORG = {
                kdc = kerberos.gratuitous.org
                admin_server = kerberos.gratuitous.org
        }
        DOOMCOM.ORG = {
                kdc = kerberos.doomcom.org
                admin_server = kerberos.doomcom.org
        }
        ANDREW.CMU.EDU = {
                kdc = vice28.fs.andrew.cmu.edu
                kdc = vice2.fs.andrew.cmu.edu
                kdc = vice11.fs.andrew.cmu.edu
                kdc = vice12.fs.andrew.cmu.edu
                admin_server = vice28.fs.andrew.cmu.edu
                default_domain = andrew.cmu.edu
        }
        CS.CMU.EDU = {
                kdc = kerberos.cs.cmu.edu
                kdc = kerberos-2.srv.cs.cmu.edu
                admin_server = kerberos.cs.cmu.edu
        }
        DEMENTIA.ORG = {
                kdc = kerberos.dementia.org
                kdc = kerberos2.dementia.org
                admin_server = kerberos.dementia.org
        }
        stanford.edu = {
                kdc = krb5auth1.stanford.edu
                kdc = krb5auth2.stanford.edu
                kdc = krb5auth3.stanford.edu
                admin_server = krb5-admin.stanford.edu
                default_domain = stanford.edu
        }

[domain_realm]
        .kerbos.server = test.local
        .DOMAIN.LOCAL = test.local
        .mit.edu = ATHENA.MIT.EDU
        mit.edu = ATHENA.MIT.EDU
        .media.mit.edu = MEDIA-LAB.MIT.EDU
        media.mit.edu = MEDIA-LAB.MIT.EDU
        .csail.mit.edu = CSAIL.MIT.EDU
        csail.mit.edu = CSAIL.MIT.EDU
        .whoi.edu = ATHENA.MIT.EDU
        whoi.edu = ATHENA.MIT.EDU
        .stanford.edu = stanford.edu

[login]
        krb4_convert = true
        krb4_get_tickets = false

_________________
Please Help
0
fosiul01 Commented:
Hi, I did not implement this before,
but let's try to fix it.
Which tutorial are you trying to follow, and which command gave you this error?
If you can tell me, I could look into this.
Thanks
0
Aida2 Author Commented:
I followed your first link
http://rubenleusink.com/debian-linux-filesharing-with-microsoft-active-directory-authentication-2008-10-07/
After installing all the packages I edited the file krb5.conf, then I ran the command (in step 4)
kinit administrator@test.local and I got the error

kinit(v5): Improper format of Kerberos configuration file while initializing Kerberos 5 library
0
fosiul01 Commented:
While I look for other documents,
have a look at this one:
https://bugs.launchpad.net/ubuntu/+source/kerberos-configs/+bug/179142

Also:
Error Message


Improper format of Kerberos configuration file

Reason Occurred
The Kerberos configuration file (krb5.conf) has invalid entries.

Solution
Make sure all the relations in the krb5.conf file are followed by the "=" sign and a value, and verify that the brackets are present in pairs for each subsection.


Do those make any sense?

I am searching more...
0
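Added example (not part of the original thread or of any poster's code): a small checker for the two rules quoted in the comment above, relations written as name = value and braces present in pairs, run over a constructed krb5.conf fragment. The function name lint_krb5_conf, the sample text, and the extra rule that a relation name may not contain whitespace (which is how a `//` pseudo-comment gets reported, since krb5.conf comments start with # or ;) are assumptions of this example.

```python
# Constructed sample: a "//" pseudo-comment, a relation with no "=",
# and a realm subsection whose closing brace is missing.
SAMPLE = """\
[libdefaults]
        default_realm = test.local
// clock_skew = 300
        v4_name_convert = {
                host = {
                        rcmd = host
                }
        }
[realms]
        test.local = {
                kdc = ford.test.local
                admin_server
"""

def lint_krb5_conf(text):
    """Return sorted (line_number, message) findings; hypothetical helper."""
    findings, open_braces = [], []      # open_braces: lines of unclosed "{"
    def flush_unclosed():
        findings.extend((n, "subsection '{' is never closed") for n in open_braces)
        open_braces.clear()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":     # blank line or real comment
            continue
        if line.startswith("["):            # section header, e.g. [realms]
            if not line.endswith("]"):
                findings.append((n, "section header is missing ']'"))
            flush_unclosed()                # subsections cannot span sections
            continue
        if line == "}":
            if open_braces:
                open_braces.pop()
            else:
                findings.append((n, "'}' has no matching '{'"))
            continue
        name, eq, value = (part.strip() for part in line.partition("="))
        if not eq or not name or not value:
            findings.append((n, "relation must be 'name = value'"))
        elif len(name.split()) > 1:
            findings.append((n, "whitespace in relation name; comments use # or ;"))
        elif value == "{":
            open_braces.append(n)
    flush_unclosed()
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in lint_krb5_conf(SAMPLE):
        print(f"line {n}: {msg}")
```

Running it against a copy of /etc/krb5.conf before calling kinit points at the offending line number, which the kinit error message does not.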
fosiul01 Commented:
0
fosiul01 Commented:
If I check your krb5.conf and the tutorial,

you have
[login]
        krb4_convert = true
        krb4_get_tickets = false

extra. Is that all right?
0
Aida2 Author Commented:
Yes, it was the default; I don't use krb4.
What about my domain and server? In all the examples I can see they are written in uppercase.
And I don't.
0
Aida2 Author Commented:
Hello,
Now it works and I joined my server to the domain, but in step 9 when I run wbinfo -u it should list
all domain users, but I get the error:
Error looking up domain users

ANY IDEA?
0
fosiul01 Commented:
Hi, yeah, sorry, because of the weekend I was on holiday.

Let me look at the tutorial again.
I will come back to you soon.
0
fosiul01 Commented:
Check this one:

http://www.experts-exchange.com/Networking/Unix_Networking/Q_21492200.html

"Does your PDC know itself by name you call it in /etc/hosts ???"

From Google, it's surely a DNS issue.

Let me check a little more.
0
fosiul01 Commented:
What about the user permissions?
From the Linux box you have connected to Windows AD, and from the Linux box you are trying to get domain user information from Windows AD, isn't it?

So the username you are trying to use, does it have the proper permissions to do this query?
0
Aida2 Author Commented:
I tried to run the command sudo net ads join -U "DOMAINADMIN", with administrator for "DOMAINADMIN":
sudo net ads join -U administrator
administrator's password:
[2008/11/03 11:34:48, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Interrupted system call
0
fosiul01 Commented:
Check this one, it's a DNS issue:

http://bbs.archlinux.org/viewtopic.php?id=31255

I will have a look some more, just give me a little more time.
0
fosiul01 Commented:
http://www.informit.com/content/images/0131882228/downloads/0131882228_book.pdf

Page 441.

Just read it, and check if this is the same as your configuration.

The problem is either the password or DNS.
0

Aida2 Author Commented:
Hello,
Thanks for your advice, all is fine and working. How can I create users and sync with my AD?
0
fosiul01 Commented:
Hahaha, you don't have to thank me, because if it works, it's working for you.

I really never worked with Ubuntu, I was just trying to help you with Google searches, that's all.

About sync with AD, let me have a look in Google again, I will come back to you.

But that tutorial does not say anything about sync with AD?

0
Aida2 Author Commented:
I have Debian, not Ubuntu. When I run wbinfo -u on my Debian I can see all the users in my Active Directory.
How can I sync users? I mean, should I create the user on the Linux box, and then how can I tell it to sync the password with AD?
I have no users on my Linux box.
0
fosiul01 Commented:
Hmm, tell me something.

You can see the usernames from AD.
Pick a username which is in AD, and try to log on with that username in Ubuntu. Does it work?
0
Aida2 Author Commented:
Yes, it's working, but the user doesn't have permission to create a directory or do anything.
All the user can see is his directory (he doesn't have permission to open it) and the printer.
0
coanda Commented:
If you've set passwd and group in /etc/nsswitch.conf to use winbind then that's where the user/group will come from, which means if you're trying to create a directory, the directory that it's being created in needs to have the appropriate permissions for your user/group that are from winbind. You can see what groups your user is part of with:

$ groups user

Once you know that, you can change permissions on the directory to be what you want them to be. Linux file permissions are set using read/write/execute bits for user/group/other. For example, if you wanted to give the user and the group read and write permissions on a file/directory and only read for everyone outside of the group you would:

$ sudo chown ADUser:ADGroup /path/to/file
$ sudo chmod u=rw,g=rw,o=r /path/to/file
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.