FC2 authentication with Active Directory

Mon Nov 1 17:00:07 UTC 2004

Jim Parker wrote:

>I thought I was following all the very different procedures, but no luck
>on log in.  I could query LDAP if I supply a user name/password when
>prompted.  Also, I can authenticate with Kerberos and join a domain, but
>it doesn't retain a Kerberos ticket.
>
>The reason I'm asking about all this is so that I can use a single log
>on for all the different systems (UNIX, Solaris, Windows, and of course
>FC2 workstations) we have.
>
>Again, all the help you can provide is very much appreciated.
>
>Jim
>
>-----Original Message-----
>From: fedora-list-bounces at redhat.com
>[mailto:fedora-list-bounces at redhat.com] On Behalf Of Charles Heselton
>Sent: Sunday, October 31, 2004 10:58 AM
>To: [LINICKX]; For users of Fedora Core releases
>Subject: Re: FC2 authentication with Active Directory
>
>On Sun, 31 Oct 2004 16:43:06 +0000, [LINICKX] <linickx at gmail.com> wrote:
>  
>
>>I'd like to see your howto , i've tried this a number of times (using
>>various documentation) but never succeeded :-(
>>
>>cheers.
>>
>>
>>
>>
>>On Sun, 31 Oct 2004 16:18:38 +0100, Klaasjan Brand
>>    
>>
><klaasjan at gmail.com> wrote:
>  
>
>>>Don't know if this helps, but I've set up windows domain
>>>authentication on a RHEL3 server by using the winbind module of
>>>      
>>>
>samba.
>  
>
>>>There's a lot of documentation about that in the samba package.
>>>Shortly, you can configure samba to join a domain and install a pam
>>>module that uses the samba-provided credentials to authenticate
>>>      
>>>
>system
>  
>
>>>users.
>>>If anyone needs a detailed description I probably should write a
>>>      
>>>
>howto ;)
>  
>
>>>--
>>>fedora-list mailing list
>>>fedora-list at redhat.com
>>>To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>>>
>>>      
>>>
>>--
>>fedora-list mailing list
>>fedora-list at redhat.com
>>To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>>
>>    
>>
>
>I'd love to see a "How-to" as well.  All of the documentation that
>I've read states that there are problems with Samba 3.x and Windows
>2003  (works fine with Win2K).  The most recent article I've read was
>about v3.0, so I don't know if the Samba developers have fixed those
>outstanding issues with Win2K3 in more recent versions or not.
>
>  
>
It is not advisable to have Solaris (and other UNIX) systems try to 
authenticate with
an active directory server.  But if you realy want to try and get it 
working, you need
to have kerberos installed and running on all the UNIX/Linux systems.   
A much better
approach would be to use LDAP for this, but even that is going to be a 
major pain in the
@%@.

Mike