Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

How To log onto a Windows Domain From a Linux Box

  • 15-09-2004 10:00pm
    #1
    Gorgon
    Registered Users, Registered Users 2 Posts: 30


    Any one know if theres a HowTo out there on the above title


Comments

  • #2
    mambo50
    Closed Accounts Posts: 65 ✭✭mambo50


    I´ve set up a FC2 box to authenticate against an NT4 Domain. There are 2 main steps involved as i see it.
    1.) Setup Samba and Winbind to the point where you can see the NT Domain Users when you enter the ¨getent passwd¨ command at the shell.
    2.) Edit the /etc/pam.d/system-auth files to use the pam_winbind plugin.

    BE CAREFUL editing files in the pam.d directory. If you make the wrong changes you wont be able to login to your machine.

    I can post a working system-auth setup if you want.


  • #3
    Gorgon
    Registered Users, Registered Users 2 Posts: 30 Gorgon


    I can post a working system-auth setup if you want.
    That would be great if u could thanks mambo50


  • #4
    mambo50
    Closed Accounts Posts: 65 ✭✭mambo50


    Ok,
    Here is a copy of a working system-auth file

    auth required /lib/security/$ISA/pam_env.so
    auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
    auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
    auth required /lib/security/$ISA/pam_deny.so

    account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
    account required /lib/security/$ISA/pam_unix.so
    account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so

    password requisite /lib/security/$ISA/pam_cracklib.so retry=3
    password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
    password sufficient /lib/security/$ISA/pam_winbind.so use_authtok
    password required /lib/security/$ISA/pam_deny.so

    session required /lib/security/$ISA/pam_limits.so
    session required /lib/security/$ISA/pam_unix.so
    session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0022

    I think this is ok security wise, but i'm no pam guru . he important lines for us are the ones with pam_winbind and pam_mkhomedir. pam_mkhomedir is needed to create a home drce for windows users on their first login.
    When loging into your Linux box you will have to enter your windows domain username in the 'DOMAIN\username' format, where '\' is the seperator you have chosen in samba.

    Have you got Samba configured ?. Does 'getent passwd' return your NT Domain users ?

    Mambo50


Advertisement