Page 5 of 6 FirstFirst ... 3456 LastLast
Results 41 to 50 of 57

Thread: HOWTO: NT Domain Authentication

  1. #41
    Join Date
    Aug 2006
    Beans
    2

    Re: HOWTO: NT Domain Authentication

    Quote Originally Posted by vizvayu View Post
    Now go to /etc/pam.d and edit the following files:

    common-account:
    Code:
    #Commented for winbind to work
    #account-required	pam_unix.so
    account-required	pam_winbind.so
    This will break Ubuntu domain member servers and clients running Samba 3.0.24 (and possibly 3.0.23x) making it impossible to login.

    common-account should read:

    Code:
    account sufficient pam_winbind.so
    account required pam_unix.so
    It took me hours to sort this out If this works on stock Samba 3.0.22 that ships with 6.06.1 LTS, and 6.10, then you might want to edit the original post to match.

  2. #42
    Join Date
    Feb 2005
    Beans
    123

    Re: HOWTO: NT Domain Authentication

    I've followed this howto to get an Ubuntu Feisty box to log onto a Samba server (including the fix mentioned above to /etc/pam.d/common-account). It works, but as someone mentioned before, gksudo doesn't work any more. Has anyone found a solution to this yet, or have any suggestions for tracking the problem down?

    I would like to fix this because as it stands the administrative menu functions don't work. I know how to work around this via the command line, but I'm deploying this where less technical users will be using it so really I need it to work correctly.

    Thanks

    Andy B

  3. #43
    Join Date
    Feb 2007
    Location
    Brazil
    Beans
    12
    Distro
    Ubuntu 7.04 Feisty Fawn

    Re: HOWTO: NT Domain Authentication

    For me the tutorial doesn't works, i already tried everything. The connection with the domain occurs fine, but the logon of the users not happen. Only the expiration password message is show.

    I tried this other tutorial, i had the connection and the logon perfectly, but when the system go to create the directory of the user i get the error: xsession: Unable to create ~/.gnome2 directory: directory or file doesn't exists.

    I'm without exit, some help?

  4. #44
    Join Date
    Feb 2005
    Beans
    123

    Re: HOWTO: NT Domain Authentication

    Hi

    Not sure why you can't log in after following this guide - the basics are all there though you might have to make alterations to suit your specific setup. I only speak English so I'm afraid I can't comment on the other tutorial you mentioned - a shame as it would probably be useful to compare them.

    However, I can guess what's happening with the error you are getting - I suspect the problem is that you are trying to log on with a home directory that is not actually accessible - thus gnome can't create its required directories. Are you trying to locate your home directory on the samba server? If so, pam_mount may not have successfully mounted your home directory - or mounted it with the wrong permissions. Try logging in at the console and then use the mount command to check what's mounted where.

    Some general suggestions:

    (1) Make sure you have a reasonable understanding of how samba, pam, winbind and pam_mount work first. Read the man pages and do some reading up online. Don't just follow the tutorials by rote - understand what they are doing so you can see if you need to make alterations to make it apply to your situation. You don't need to become an expert (I most certainly am not!) but make sure you understand the basics.

    (2) Take things step by step, checking what works at each stage. My suggested order would be:

    (i) Make sure Samba is working properly and that you can mount shares with CIFS.
    (ii) Get winbind working and join the domain (sounds like you have got this working)
    (iii) Get pam_mount working _without_ moving you home directory onto the server - just get it to mount an arbitrary share and make sure that works.
    (iv) once all that is working, you can think about moving your home directory onto the server.

    It's a shame, but from my (limited) experience, logging a Linux PC (or at least a Ubuntu one) onto a samba or windows domain is not yet something that can be done reliably without some understanding of the processes involved. I'm sure it will improve over time but for the moment "some assembly required" as they say.

    HTH

    Andy B

  5. #45
    Join Date
    Nov 2006
    Beans
    17

    Re: HOWTO: NT Domain Authentication

    Hey all! I just finished successfully nailing down my technique for joining a Windows 2003 domain from Ubuntu 7.04 (Feisty Fawn), mainly using SADMS. After three tries, I joined the domain from a fresh install within 15 minutes. This thread (along with a few others) were very helpful, and there was a bit of trial-and-error involved as well.

    I've written it all up on the Ubuntu wiki. If any of you guys want to try it out and let me know how it goes, check it out:
    https://wiki.ubuntu.com/JoinWindowsDomain

    Thanks!

  6. #46
    Join Date
    Aug 2006
    Beans
    2

    Re: HOWTO: NT Domain Authentication

    I'm trying to join to a Windows 2003 sp2 domain and I keep getting the following message. Any ideas? I used the https://help.ubuntu.com/community/Ac...ryWinbindHowto guide, but I'm not having any luck.

    root@dpiwks-test:/home/cole# net ads join -U Administrator -W domain Administrator's password:
    Using short domain name -- domain
    Failed to set servicePrincipalNames. Please ensure that
    the DNS domain of this server matches the AD domain,
    Or rejoin with using Domain Admin credentials.
    Disabled account for 'DPIWKS-test' in realm 'DOMAIN.LOCAL'

    I substituted our actual domain with 'domain' for security reasons. I'm a bit paranoid.

    The machine does show up in AD, but is disabled.

  7. #47
    Join Date
    Oct 2007
    Beans
    5

    Re: HOWTO: NT Domain Authentication

    Has anyone had any troubles with using samba and winbind to join an ubuntu 7.10 "gutsy" client to an NT domain (ubuntu server as samba PDC). It worked and still works fine using feisty clients, but doesn't seem to work in gutsy. I actually can join (a machine account is created) but can't authenticate and wbinfo -t, wbinfo -u, and wbinfo -g give errors (getent passwd also does nothing). I guess I'm curious if there are any issues that have crept in with gutsy?

    I've used the following tutorials as guidance (plus some of this thread):
    http://www.hantslug.org.uk/cgi-bin/w...ints/SambaAuth
    http://tech.canterburyschool.org/tec...nticationSetup
    http://tech.canterburyschool.org/tec...s_2fSetUpSamba

  8. #48
    Join Date
    Nov 2005
    Beans
    6

    Re: HOWTO: NT Domain Authentication

    so close... someone give me a nudge? using Ubuntu 7.10

    Configured Samba and could browse the network etc. After installing winbind, was able to join the domain, verified a computer account existed in active directory and passed tests with wbinfo -t, wbinfo -a, wbinfo -u but not login to domain. Started researching domain authentication and found this HowTo, I followed the steps to modify the pam.d files. Rebooted thinking OK done deal, easy enough, no problem.

    Tried to login with 3 different domain accounts and just get "authorization failed" after entering the password. Tried to log in with local ubuntu account cleveryly named "user" and cannot log in locally either, just get "autorization failed". Entering a bogus username results in "authorization failed" before I even enter a password so it seems to be getting the user list.

    Thinking I made a typo in one of the pam.d files, I rebooted into recovery mode and checked the pam.d files but all looked OK, more research and found other tutorials and tried their recommended pam.d files. Same thing, still cannot log in using domain or local credentials. What am I missing?

    relevent smb.conf lines:
    workgroup = mydomain
    sercurity = domain
    encrypt passwords = yes
    password server = *
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    template homedir = /home/%D/%U
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes

    nsswitch.conf
    passwd: compat winbind
    group: compat winbind

    common-account:
    account sufficient pam_winbind.so
    account required pam_unix.so

    common-auth:
    auth sufficient pam_winbind.so use_first_pass
    auth required pam_unix.so user_first_pass

    common-session:
    session required pam_unix.so
    session required pam_foreground.so
    session required pam_mkhomedir.so umask-0022 skel=/etc/skel

  9. #49
    Join Date
    Nov 2005
    Beans
    6

    Re: HOWTO: NT Domain Authentication

    OK so I got impatient and irritated and decided to undo all I had done and start over clean a la format and reinstall (its just a test system).

    I'm going to try to us SADMS instead of the trial and error of editing all these config files and reading endless FAQs, howtos and random posts and trying to piece it all together.

    But still if you see something incorrect in my config files from my previous post please let me know what it is.
    Last edited by neal_ro; December 26th, 2007 at 10:54 PM.

  10. #50
    Join Date
    Jun 2006
    Location
    PortlandOaklandBeijing
    Beans
    Hidden!
    Distro
    Kubuntu 12.10 Quantal Quetzal

    Thumbs down Re: HOWTO: NT Domain Authentication

    SADMS is great! Methinks it should be added to the main repository..

Page 5 of 6 FirstFirst ... 3456 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •