[ubuntu] Windows Networking and authentication



nirajandps
November 3rd, 2010, 01:58 AM
Hi!

I am working on my course project in a test environment.

I have an Ubuntu Server with Squid Proxy installed in it. My AD/DHCP server is Windows Server 2008 R2.

My AD/DC is dhcpserver.techxpert.com
My domain is techxpert.com
My Ubuntu machine name is SQUID-PROXY
My Ubuntu machine user is squiuser
My DC IP is 170.0.0.1
My Ubuntu IP is 170.0.0.2 (reserved by DHCP)


My samba configuration is

/etc/samba/smb.conf
[global]
security = domain
realm = TECHXPERT.COM
workgroup = techxpert
password server = *
idmap uid = 10000-20000
idmap gid = 10000-20000


My kerberos setting is

[libdefaults]
default_realm = TECHXPERT.COM
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}

[realms]
TECHXPERT.COM = {
kdc = dhcpserver.techxpert.com
admin_server = dhcpserver.techxpert.com
}


[domain_realm]
.techxpert.com = DHCPSERVER.TECHXPERT.COM
techxpert.com = DHCPSERVER.TECHXPERT.COM


[login]
krb4_convert = true
krb4_get_tickets = true

My nsswitch configuration is
/etc/nsswitch.conf
The only change here was adding winbind twice.
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis


Now I joined this Ubuntu machine to the Windows domain techxpert.com using this command after restarting services:

net ads join -U administrator
I successfully joined the domain techxpert.com.
But when I do nslookup dhcpserver.techxpert.com it gives me an error; also I can't get an answer when I do host 170.0.0.1
Now my main problem is I can't list or access the Active Directory users. When I do wbinfo -g it only shows me local user instead of all Active Directory users.
So when I make the authentication configuration in squid.conf and try accessing from a web browser, the authentication pop-up comes, but after entering the username and password, the authentication doesn't take place.
I need to complete the project by 6th November, 2010 and I am stuck on this one. Without solving this case, my squid is a failure.

Please help me out. I will highly appreciate any info.
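
An added example, not part of the thread and not the fix the poster later found (the thread does not say what it was): a small Python check over constructed excerpts of the smb.conf and krb5.conf settings quoted above. It flags [domain_realm] entries whose value is not a realm defined in [realms], and an smb.conf that sets realm without security = ads; the function names are this example's own.

```python
import re

# Constructed excerpts of the smb.conf and krb5.conf settings quoted in the post.
SMB_CONF = """[global]
security = domain
realm = TECHXPERT.COM
workgroup = techxpert
"""
KRB5_CONF = """[libdefaults]
default_realm = TECHXPERT.COM
[realms]
TECHXPERT.COM = {
kdc = dhcpserver.techxpert.com
admin_server = dhcpserver.techxpert.com
}
[domain_realm]
.techxpert.com = DHCPSERVER.TECHXPERT.COM
techxpert.com = DHCPSERVER.TECHXPERT.COM
"""

def sections(text):
    """Parse INI-style text into {section: [(key, value), ...]}, ignoring nesting."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            out.setdefault(current, [])
        elif current and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            out[current].append((key, value))
    return out

def check(smb_text, krb_text):
    """Return findings where the Samba and Kerberos settings disagree."""
    smb = {k.lower(): v for k, v in sections(smb_text).get("global", [])}
    krb = sections(krb_text)
    # A realm definition in [realms] is a key whose value opens a brace block.
    realms = {k for k, v in krb.get("realms", []) if v.startswith("{")}
    findings = []
    for domain, realm in krb.get("domain_realm", []):
        if realm not in realms:
            findings.append(f"[domain_realm] {domain} = {realm}: not a realm in [realms]")
    default = dict(krb.get("libdefaults", [])).get("default_realm")
    if smb.get("realm") and smb["realm"].upper() != (default or "").upper():
        findings.append(f"smb.conf realm {smb['realm']} != default_realm {default}")
    if smb.get("realm") and smb.get("security", "").lower() != "ads":
        findings.append(f"realm is set but security = {smb.get('security')}, not ads")
    return findings
```

Calling check(SMB_CONF, KRB5_CONF) returns three findings for the quoted settings: both [domain_realm] lines and the security mode.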

bab1
November 3rd, 2010, 05:27 AM
From the Ubuntu Forums Code of Conduct (http://ubuntuforums.org/index.php?page=policy):



While we are happy to serve as a resource for hints and for asking questions when you get stuck and need a little help, the Ubuntu Forums should not be thought of as a homework service. Please do not post your homework assignments expecting someone else to do it for you. Any such threads will be taken offline and warnings or infractions may be issued.

nirajandps
November 17th, 2010, 11:07 PM
Hi!

I don't want anyone to do my work. I just thought maybe someone else has gone through the same problem. But I have solved the issue. I think you didn't go through the post thoroughly; I never asked anyone to do my work.

In any case, thank you and if someone is stuck in the same problem, I may be helpful.

Thank you