Active Directory and Debian

Posted on 2008-10-31
Last Modified: 2013-12-24
Hello,
Is there any way to match Windows 2003 Active Directory to Debian?
I mean I want to create a user in Debian, but the password is read from Active Directory.
Thanks
Question by:Aida2
 
LVL 29

Expert Comment

by:fosiul01
ID: 22849668
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22849691
0
 
LVL 1

Author Comment

by:Aida2
ID: 22853429
Hello,
Thanks for your suggestion.
I get an error:
kinit(v5): Improper format of Kerberos configuration file while initializing Kerberos 5 library
My /etc/krb5.conf looks like this:

[libdefaults]
        default_realm = test.local
        dns_lookup_realm = false
        dns_lookup_kdc = false
// clock_skew = 300
        ticket_lifetime = 24h
        forwardable = yes

# The following krb5.conf variables are only for MIT Kerberos.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }
        fcc-mit-ticketflags = true

[logging]

        default = FILE:/var/log/krb5.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log

[realms]
        test.local = {
                kdc = ford.test.local
                admin_server = ford.test.local
                default_domain = test.local
                        }
        ATHENA.MIT.EDU = {
                kdc = kerberos.mit.edu:88
                kdc = kerberos-1.mit.edu:88
                kdc = kerberos-2.mit.edu:88
                admin_server = kerberos.mit.edu
                default_domain = mit.edu
        }
        MEDIA-LAB.MIT.EDU = {
                kdc = kerberos.media.mit.edu
                admin_server = kerberos.media.mit.edu
        }
        ZONE.MIT.EDU = {
                kdc = casio.mit.edu
                kdc = seiko.mit.edu
                admin_server = casio.mit.edu
        }
        MOOF.MIT.EDU = {
                kdc = three-headed-dogcow.mit.edu:88
                kdc = three-headed-dogcow-1.mit.edu:88
                admin_server = three-headed-dogcow.mit.edu
        }
        CSAIL.MIT.EDU = {
                kdc = kerberos-1.csail.mit.edu
                kdc = kerberos-2.csail.mit.edu
                admin_server = kerberos.csail.mit.edu
                default_domain = csail.mit.edu
                krb524_server = krb524.csail.mit.edu
        }
        IHTFP.ORG = {
                kdc = kerberos.ihtfp.org
                admin_server = kerberos.ihtfp.org
        }
        GNU.ORG = {
                kdc = kerberos.gnu.org
                kdc = kerberos-2.gnu.org
                kdc = kerberos-3.gnu.org
                admin_server = kerberos.gnu.org
        }
        1TS.ORG = {
                kdc = kerberos.1ts.org
                admin_server = kerberos.1ts.org
        }
        GRATUITOUS.ORG = {
                kdc = kerberos.gratuitous.org
                admin_server = kerberos.gratuitous.org
        }
        DOOMCOM.ORG = {
                kdc = kerberos.doomcom.org
                admin_server = kerberos.doomcom.org
        }
        ANDREW.CMU.EDU = {
                kdc = vice28.fs.andrew.cmu.edu
                kdc = vice2.fs.andrew.cmu.edu
                kdc = vice11.fs.andrew.cmu.edu
                kdc = vice12.fs.andrew.cmu.edu
                admin_server = vice28.fs.andrew.cmu.edu
                default_domain = andrew.cmu.edu
        }
        CS.CMU.EDU = {
                kdc = kerberos.cs.cmu.edu
                kdc = kerberos-2.srv.cs.cmu.edu
                admin_server = kerberos.cs.cmu.edu
        }
        DEMENTIA.ORG = {
                kdc = kerberos.dementia.org
                kdc = kerberos2.dementia.org
                admin_server = kerberos.dementia.org
        }
        stanford.edu = {
                kdc = krb5auth1.stanford.edu
                kdc = krb5auth2.stanford.edu
                kdc = krb5auth3.stanford.edu
                admin_server = krb5-admin.stanford.edu
                default_domain = stanford.edu
        }

[domain_realm]
        .kerbos.server = test.local
        .DOMAIN.LOCAL = test.local
        .mit.edu = ATHENA.MIT.EDU
        mit.edu = ATHENA.MIT.EDU
        .media.mit.edu = MEDIA-LAB.MIT.EDU
        media.mit.edu = MEDIA-LAB.MIT.EDU
        .csail.mit.edu = CSAIL.MIT.EDU
        csail.mit.edu = CSAIL.MIT.EDU
        .whoi.edu = ATHENA.MIT.EDU
        whoi.edu = ATHENA.MIT.EDU
        .stanford.edu = stanford.edu

[login]
        krb4_convert = true
        krb4_get_tickets = false

_________________
Please Help
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22854052
Hi, I did not implement this before,
but let's try to fix it.
Which tutorial are you trying to follow, and which command gave you this error?
If you can tell me, I could look into this.
Thanks
0
 
LVL 1

Author Comment

by:Aida2
ID: 22854123
I followed your first link:
http://rubenleusink.com/debian-linux-filesharing-with-microsoft-active-directory-authentication-2008-10-07/
After installing all the packages I edited the file krb5.conf, then I ran the command (in step 4)
kinit administrator@test.local and I got the error:

kinit(v5): Improper format of Kerberos configuration file while initializing Kerberos 5 library
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22854207
While I look for other documents,
have a look at this one:
https://bugs.launchpad.net/ubuntu/+source/kerberos-configs/+bug/179142

Also:
Error Message


Improper format of Kerberos configuration file

Reason Occurred
The Kerberos configuration file (krb5.conf) has invalid entries.

Solution
Make sure all the relations in the krb5.conf file are followed by the "=" sign and a value, and verify that the brackets are present in pairs for each subsection.


Do those make any sense?

I am searching more.
0
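The two checks named in the quoted solution above (every relation has an "=" sign and a value, braces come in pairs), written as a small linter. This is an added example, not part of the original thread; it is a simplified model of the krb5.conf syntax, not the Kerberos library's own parser, and the sample file and its realm EXAMPLE.TEST are constructed. It treats only lines starting with # or ; as comments, so a line disabled with // is reported as a malformed relation.

```python
import re

# tag (no whitespace, no '='), then '=', then the rest of the line as the value
RELATION = re.compile(r"^([^\s=]+)\s*=\s*(.*)$")

def lint_krb5(text):
    """Return sorted [(line_number, message), ...] for format problems."""
    problems, section, opened = [], None, []  # opened: lines of unclosed "tag = {"
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":       # blank, or a comment (# or ; only)
            continue
        if line.startswith("["):              # new [section]; braces must be closed
            problems += [(o, "'{' never closed") for o in opened]
            section, opened = line, []
        elif line in ("}", "}*"):
            if opened:
                opened.pop()
            else:
                problems.append((n, "'}' without a matching '{'"))
        else:
            m = RELATION.match(line)
            if not m:
                problems.append((n, "not a 'tag = value' relation: " + line))
            elif section is None:
                problems.append((n, "relation outside any [section]"))
            elif m.group(2) == "{":
                opened.append(n)
            elif not m.group(2):
                problems.append((n, "relation has no value"))
    problems += [(o, "'{' never closed") for o in opened]
    return sorted(problems)

# Constructed sample (not the poster's file); EXAMPLE.TEST is a placeholder realm.
SAMPLE = """\
[libdefaults]
        default_realm = EXAMPLE.TEST
// clock_skew = 300

[realms]
        EXAMPLE.TEST = {
                kdc = dc1.example.test
                admin_server
        }
        }
"""

if __name__ == "__main__":
    print("\n".join("line %d: %s" % p for p in lint_krb5(SAMPLE)))
```

Running it against a copy of /etc/krb5.conf before calling kinit points at the line number of each relation or brace the checks reject.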
 
LVL 29

Expert Comment

by:fosiul01
ID: 22854228
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22854266
If I compare your krb5.conf with the tutorial,

you have
[login]
        krb4_convert = true
        krb4_get_tickets = false

extra. Is that all right?
0
 
LVL 1

Author Comment

by:Aida2
ID: 22856201
Yes, it was the default; I don't use krb4.
What about my domain and server? In all the examples I can see they are written in uppercase,
and I don't.
0
 
LVL 1

Author Comment

by:Aida2
ID: 22865161
Hello,
Now it works and I joined my server to the domain, but in step 9 when I run wbinfo -u it should list
all domain users, but I get the error:
Error looking up domain users

Any idea?
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22865377
Hi, sorry, because of the weekend I was on holiday.

Let me look at the tutorial again;
I will come back to you soon.
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22865467
Check this one:

http://www.experts-exchange.com/Networking/Unix_Networking/Q_21492200.html

"Does your PDC know itself by name you call it in /etc/hosts ???"

From Google, it's surely a DNS issue.

Let me check a little more.
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22865499
What about the user permissions?
From the Linux box you have connected to Windows AD, and from the Linux box you are trying to get domain user information from Windows AD, isn't it?

So the user name you are trying to use, does it have the proper permission to do this query?
0
 
LVL 1

Author Comment

by:Aida2
ID: 22865840
I tried to run the command sudo net ads join -U "DOMAINADMIN", with administrator for "DOMAINADMIN":
sudo net ads join -U administrator
administrator's password:
[2008/11/03 11:34:48, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Interrupted system call
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22866040
Check this one, it's a DNS issue:

http://bbs.archlinux.org/viewtopic.php?id=31255

I will have a look some more, just give me a little more time.
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 252 total points
ID: 22866367
http://www.informit.com/content/images/0131882228/downloads/0131882228_book.pdf

Page 441.

Just read it, and check whether it is the same as your configuration.

The problem is either password or DNS.
0
 
LVL 1

Author Comment

by:Aida2
ID: 22878151
Hello,
Thanks for your advice, all is fine and working. How can I create users and sync with my AD?
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22878226
Hahaha, you don't have to thank me, because if it works, it's working for you.

I have really never worked with Ubuntu; I was just trying to help you with Google search, that's all.

About sync with AD, let me have a look in Google again; I will come back to you.

But that tutorial does not say anything about sync with AD?
0
 
LVL 1

Author Comment

by:Aida2
ID: 22884505
I have Debian, not Ubuntu. When I run wbinfo -u on my Debian I can see all the users in my Active Directory.
How can I sync users? I mean, should I create the user on the Linux box, and then how can I sync the password with AD?
I have no users on my Linux.
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22884538
Hmm, tell me something.

You can see the usernames from AD.
Pick a username which is in AD, and try to log on with that username in Ubuntu. Does it work?
0
 
LVL 1

Author Comment

by:Aida2
ID: 22903505
Yes, it's working, but the user doesn't have permission to create a directory or do anything.
What the user can see is his directory (he doesn't have permission to open it) and the printer.
0
 
LVL 3

Assisted Solution

by:coanda
coanda earned 248 total points
ID: 22957863
If you've set passwd and group in /etc/nsswitch.conf to use winbind, then that's where the user/group will come from, which means that if you're trying to create a directory, the directory it's being created in needs to have the appropriate permissions for your user/group from winbind. You can see which groups your user is part of with:

$ groups user

Once you know that, you can change the permissions on the directory to be what you want. Linux file permissions are set using read/write/execute bits for user/group/other. For example, if you wanted to give the user and the group read and write permissions on a file/directory and only read for everyone outside of the group, you would:

$ sudo chown ADUser:ADGroup /path/to/file
$ sudo chmod u=rw,g=rw,o=r /path/to/file
0
