Solved

Configure Samba / Kerberos and LDAP on Red Hat

Posted on 2011-02-18
6
1,247 Views
Last Modified: 2013-12-06
http://www.linuxmail.info/active-directory-single-sign-on/

http://www.linuxmail.info/active-directory-integration-samba-centos-5/

If I need to allow my AD users to access the Red Hat server, and the Red Hat server is enabled to user the shared resource in Window domain, do I need to do enable Samba and Kerberos/LDAP on the Red Hat, or either one ?

What the main difference between these two settings ?

Thanks
0
Comment
Question by:AXISHK
  • 3
  • 2
6 Comments
 
LVL 6

Assisted Solution

by:de2Zotjes
de2Zotjes earned 200 total points
Comment Utility
When you say samba I presume you mean the winbindd portion of samba.

You would need to enable 1 of the two, windbindd or ldap. In principle kerberos is independent of the chosen mechanism, that being said I do not know of any implementations using winbind and kerberos.

The main difference is that for ldap to work you need to extend active directory with 'unix services'. Something a lot of windows administrators rather not do.
0
 
LVL 14

Accepted Solution

by:
small_student earned 300 total points
Comment Utility
You need to run the winbind service.

You also need to run Kerberos as a Client and not as a KDC. Your AD is a kerberos KDC.

This is as simple as changing two/three lines in /etc/krb5.conf.

Then you need to Join your Linux Machine to Windows AD.

Configure Authentication to lookup from WinAD.

Finally you run the winbind service to actually start to login with Windows users on the Linux machine.

However the Linux users will not be able to run on the Windows machine. If you want that then you need to run SFU on your Windows AD to support Linux users on it.
0
 

Author Comment

by:AXISHK
Comment Utility
http://www.linuxmail.info/active-directory-integration-samba-centos-5/

Follow the instruction above and I could setup  winbind service succesfully. Can u advise how to setup the remaining steps as mentioned in the previous thread.

Great Thanks.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:AXISHK
Comment Utility
http://www.linuxmail.info/active-directory-dovecot-pam-authentication/

Follow this link, I have setup the Kerberos authentication and it works fine.

However, when I log off the Linux server, and try to use one of the AD domain user to login to the Red Hat server, it could authentication the login successfully.

Any idea ?

Thanks
0
 
LVL 14

Expert Comment

by:small_student
Comment Utility
OK so from the command line if you type

wbinfo -a

Do you get all the windows users listed?

If so now you need to configure PAM. from the same place you did the kerberos and winbind configuration. (This was mensioned in the guide you posted)

Now we need to make sure they can login as shell users before GUI.

From the options tab in system-config-authentication check the box that says ceate home dirs.

Now to test this while still logged in RedHat as the root user run the following command

su - username

Where username is windows username that you have under ActiveDirectory.

The home dir should be created and you should get no errors on the command line

Confrim the above is all ok to proceed getting you in via the GUI
0
 

Author Closing Comment

by:AXISHK
Comment Utility
Tks
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Are you sitting there reading this and wondering how to get started with Linux? It almost seems like picking the right Linux distribution is about like picking the right college or buying a new car if you read some of the article out there. Relax… l…
You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now