Page 12 of 21 FirstFirst ... 21011121314 ... LastLast
Results 111 to 120 of 209

Thread: HOWTO: Active Directory Authentication

  1. #111
    Join Date
    May 2007
    Beans
    14

    Re: HOWTO: Active Directory Authentication

    were you able to resolve the problem and not get lock out again?

  2. #112
    Join Date
    Jan 2005
    Beans
    45

    Re: HOWTO: Active Directory Authentication

    Thanks to everyone who has contributed to this thread. I've followed the instructions and have managed to set up a (mostly) working samba file share using my Windows 2003 Active Directory to authenticate users.


    The only problem I still have is that when users create files on the share, the username that they are created under is always listed as 'root', instead of their actual username. This seems to be resulting in some files being not writable by the same user that created them.

    All of the users who have access to the smb share are members of the same AD Group 'HCLOffice', and any file created by a member of that group should be readable and writable by other members of the group.

    The relevant section of my smb.conf file is as follows:


    Code:
    [GIS]
            path = /shared/GIS
            comment = GIS Data
            browseable = yes
            writable = yes
    ;        public = yes
           valid users = @"HATCON/Domain Users"
           admin users = @"HATCON/HCLOffice"
           read list @"HATCON/Domain Users"
           write list = @"HATCON/Domain Users"

    If anyone has any suggestions about how I should change this section, I would be eternally grateful!

  3. #113
    Join Date
    May 2007
    Beans
    9

    Re: HOWTO: Active Directory Authentication

    Yes. I was playing with the common-auth (commenting things out do to issues I thought were related to PAM) and suddenly after a reboot, I couldn't sign on. So I booted up with the system rescue cd and changed everything back. Voila! I was able to sign back on.

  4. #114
    Join Date
    May 2007
    Beans
    14

    Re: HOWTO: Active Directory Authentication

    Quote Originally Posted by warlockvix View Post
    Yes. I was playing with the common-auth (commenting things out do to issues I thought were related to PAM) and suddenly after a reboot, I couldn't sign on. So I booted up with the system rescue cd and changed everything back. Voila! I was able to sign back on.
    but where u able to log in using an AD account still though?

  5. #115
    Join Date
    May 2007
    Beans
    14

    Re: HOWTO: Active Directory Authentication

    got it fixed... does the order of lines make a differnece?
    Last edited by ziggie216; May 24th, 2007 at 09:18 AM.

  6. #116
    Join Date
    Jun 2007
    Beans
    3

    Re: HOWTO: Active Directory Authentication

    whew....I started as a total linux/ubuntu noob to connecting to AD

    Everything went fine.

    I can see my server in Network Places except I have domain and domain.org listed where domain contains all my Windows machines and domain.org which contains samba. It prompts for a login but nothing works

    I've tried:

    user
    domain\user
    host\user
    user@domain.org
    local\root
    local\localuser

    I changed the winbind from + to \ and tried all the above

    can't get'er logged in

    I can see my server in ADUC.

    btw.....SBS2003 as my PDC

    trying to connect Fiesty on an ooooold compaq proliant so no gnome gui

    do I even need to connect samba to AD in order to use this as a simple print server? I already have CUPS configured. I just want to be able to use hte printer directory in XP to pick a printer.
    Last edited by eveljkov; June 14th, 2007 at 01:11 AM.

  7. #117
    Join Date
    Apr 2007
    Beans
    6

    Question Re: HOWTO: Active Directory Authentication

    does anyone know if the domain functional level in 2003 server has to be left at default "2000 mixed" mode? i am running "2003 mode" as all my servers are 2003. anyone that has successfully joined their ubu svr can you check your level in 2k3 server? (goto admin tools --> active directory domains and trusts --> right click domain name and click on "raise functional level and it tell you current mode and give upgrade options)

    i am getting an error when i try to add the ubu server in step 8 "Join the system to the; net ads join -U domainadminuser@DOMAIN.INTERNAL"

    i get error:
    " sudo net ads join -U admin@DOMAIN.INTERN
    Password:
    admin@IDOMAIN.INTERN's password:
    Using short domain name -- DOMAIN
    Failed to set servicePrincipalNames. Please ensure that
    the DNS domain of this server matches the AD domain,
    Or rejoin with using Domain Admin credentials.
    Disabled account for 'UBUSVR1' in realm 'DOMAIN.INTERN'

    i look on the AD server and find the computer name for the ubu server and it is indeed DISABLED. i enable, and then run the command again from ubu svr to add and AD disabled again.

    obviously its something on the micro$haft side in AD disabling the account. off the top of my head i would think it is perhaps because i am running in 2003 mode instead of mixed mode for compatibility with 2k and NT servers...

    any thoughts?

    thanks!

  8. #118
    Join Date
    Apr 2007
    Beans
    6

    Re: HOWTO: Active Directory Authentication

    ok figure out my problem.

    DNS on the w2k3 machines didnt have any A or PTR for the ubu machine, even though DHCP on a w2k3 machine handed it out (and we have DNS set to update both secure and nonsecure, woudl figure it would have entered it in when DHCP gave out the address)

  9. #119
    Join Date
    Jan 2006
    Location
    Felton, PA
    Beans
    71
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Exclamation Re: HOWTO: Active Directory Authentication

    EDIT: Didn't enable the correct repository. Disregard my post below ...

    Hey this is going to sound goofy but I followed the guide for installing the Kerberos portion last week on a test box and now repeating the same process today to move into production, I'm not able to get the krb5-user package installed.

    I have allowed the universe and multiverse in /etc/apt/sources.list but when I attempt the install with sudo apt-get install krb5-user I get this :

    bensode@samba1:~$ sudo apt-get install krb5-user

    Reading package lists... Done

    Building dependency tree... Done

    Some packages could not be installed. This may mean that you have

    requested an impossible situation or if you are using the unstable

    distribution that some required packages have not yet been created

    or been moved out of Incoming.



    Since you only requested a single operation it is extremely likely thatEDIT: Didn't enable the correct repository. Disregard my post below ...

    the package is simply not installable and a bug report against

    that package should be filed.

    The following information may help to resolve the situation:



    The following packages have unmet dependencies:

    krb5-user: Depends: libkrb53 (= 1.4.3-5) but 1.4.3-5ubuntu0.3 is to be installed

    Depends: libkadm55 (= 1.4.3-5) but 1.4.3-5ubuntu0.3 is to be installed

    E: Broken packages

    EDIT: Didn't enable the correct repository. Disregard my post aboce ...
    Last edited by bensode; June 25th, 2007 at 07:16 PM. Reason: Found my own mistake

  10. #120
    Join Date
    Dec 2005
    Location
    USA
    Beans
    886
    Distro
    Ubuntu

    Re: HOWTO: Active Directory Authentication

    I just wanted to post to let everyone know that I just finished a VMWare test of the AD/Ubuntu integration. I created a Windows 2003 Enterprise server install and updated it to Service Pack 2. I installed Active Directory and left it as-is. I then installed Ubuntu 7.04 Desktop (latest downloaded ISO) in another VMWare disk. Using the directions from page 1 I have this server authenticating perfectly against the active directory. I can log in at the GDM just fine.

    Thanks,

    -Richard
    I use both Windows and Linux. Is that a crime? || Ubuntu User # 16597

Page 12 of 21 FirstFirst ... 21011121314 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •