[opensuse] AD and OpenSuSE10.2 (Identity Manager for Unix)
Hi list,
- has anyone tried using MS-Win2003R2 AD as authentication/authorisation for SuSE10.2 users?
if so, is there a how-to somewhere?
--
-------------------------------------------------------------------------
Med venlig hilsen/Best regards
Verner Kjærsgaard
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
Verner Kjærsgaard wrote:
> Hi list,
> - has anyone tried using MS-Win2003R2 AD as authentication/authorisation for SuSE10.2 users?
> if so, is there a how-to somewhere?

I have and it works quite well. Unfortunately, I did not find a single comprehensive HOW-TO or source of information, but got bits and pieces from different places and then added some bits of my own. One of these days (tm), time permitting, I may put together a how-to. In the meantime, feel free to ask.
--
--Moby
Thursday 15 February 2007 18:08 Moby wrote:
> Verner Kjærsgaard wrote:
> > Hi list,
> > - has anyone tried using MS-Win2003R2 AD as authentication/authorisation for SuSE10.2 users?
> > if so, is there a how-to somewhere?
>
> I have and it works quite well. Unfortunately, I did not find a single comprehensive HOW-TO or source of information, but got bits and pieces from different places and then added some bits of my own. One of these days (tm), time permitting, I may put together a how-to. In the meantime, feel free to ask.

- thank you!

In the MS box, I installed the "Identity Manager for Unix" component. I then added a user and filled in some UID, home path and some details. Now, I need MS to allow my Linux box to ask for authentication, how?

- second q: in the Linux box, would one select NIS or LDAP as authentication mechanism? I would think NIS, but...?

- do I need the MS box to run a DNS server and all in order for this to work?
--
-------------------------------------------------------------------------
Med venlig hilsen/Best regards
Verner Kjærsgaard
Verner Kjærsgaard wrote:
> Thursday 15 February 2007 18:08 Moby wrote:
> > Verner Kjærsgaard wrote:
> > > Hi list,
> > > - has anyone tried using MS-Win2003R2 AD as authentication/authorisation for SuSE10.2 users?
> > > if so, is there a how-to somewhere?
> >
> > I have and it works quite well. Unfortunately, I did not find a single comprehensive HOW-TO or source of information, but got bits and pieces from different places and then added some bits of my own. One of these days (tm), time permitting, I may put together a how-to. In the meantime, feel free to ask.
>
> - thank you!
> In the MS box, I installed the "Identity Manager for Unix" component. I then added a user and filled in some UID, home path and some details. Now, I need MS to allow my Linux box to ask for authentication, how?
> - second q: in the Linux box, would one select NIS or LDAP as authentication mechanism? I would think NIS, but...?
> - do I need the MS box to run a DNS server and all in order for this to work?

I am not using the MS "Identity Manager for Unix" components, nor is it really needed. There are no changes to be made on the M$ side. On the Linux side, install samba, samba-winbind, and krb5-client. Configure /etc/krb5.conf to point to your domain. Configure smb.conf to use winbind and use the idmap RID method. Then edit /etc/nsswitch to use winbind.
--
--Moby
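An added example (not from the thread or from Moby) that renders the three files Moby's recipe touches, krb5.conf, smb.conf with the RID idmap backend, and nsswitch.conf, into a staging directory mirroring /etc. The NetBIOS domain, Kerberos realm, DC hostname and idmap ranges are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example, not the thread's own code: write the AD-member configs
# Moby describes into OUTDIR/etc so they can be reviewed before copying
# to /etc. DOMAIN/REALM/DC are placeholders (assumed values).
write_ad_configs() {
    out=$1; domain=$2; realm=$3; dc=$4
    lcrealm=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
    mkdir -p "$out/etc/samba"
    # /etc/krb5.conf: the AD domain controller is the Kerberos KDC
    cat > "$out/etc/krb5.conf" <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_kdc = true
    dns_lookup_realm = false
[realms]
    $realm = {
        kdc = $dc
        admin_server = $dc
    }
[domain_realm]
    .$lcrealm = $realm
    $lcrealm = $realm
EOF
    # /etc/samba/smb.conf: AD member using winbind; the rid backend derives
    # each uid deterministically from the SID's RID, so there is no mapping
    # database that can be lost or drift between hosts.
    cat > "$out/etc/samba/smb.conf" <<EOF
[global]
    workgroup = $domain
    realm = $realm
    security = ads
    kerberos method = secrets and keytab
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config $domain : backend = rid
    idmap config $domain : range = 10000-999999
    winbind use default domain = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
EOF
    # /etc/nsswitch.conf: local files first, then winbind for AD accounts
    printf 'passwd: files winbind\ngroup:  files winbind\n' > "$out/etc/nsswitch.conf"
}
# Checks on the real host after "net ads join -U <join-account>":
#   wbinfo -t                 # machine trust account secret is valid
#   getent passwd <ad-user>   # winbind resolves the user into the rid range
```

Keeping the idmap ranges identical on every member host is what makes file ownership on shared storage consistent.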
Thursday 15 February 2007 14:32 Verner Kjærsgaard wrote:
[... lots of cut away... see thread...]

Hi list and Moby,

- I promised to let the list and Moby know when/if I got this working. I did :-)

I don't use any Kerberos stuff at all.

I set up the Win2003 DNS server to know of itself and the other boxes (including the Linux ones) in the network. I define the Linux boxes as normal, not pre-win2000 boxes in AD. I tell AD about the (Linux) box in the network as said. I tell AD about my (Linux) users, I do not specify anything special at all.

Linux: I use SuSE10.2 with winbind installed. I tell the Linux box to use the DNS of the Windows machine as its first DNS choice. I check that I can ping the Windows machine using its name - which is NOT in /etc/hosts. I.e., it's looked up in the win-DNS.

I use YaST/User Management/advanced. I elect to use SMB verification, and I make the Linux box a member of the domain. Meaning in the YaST network section, I beforehand named the Linux box and declared it to belong to the correct domain and all.

Once the machine is a legal member of the AD domain and is set to use SMB authentication for its users, I reboot. Just this once.

Then when the blue login screen appears, a choice as to domain is given: local or "WIN2003". I select the latter. I now use a login name that exists in the AD, but DOES NOT EXIST IN THE LINUX BOX. This causes a /home/WIN2003/users-home-dir to be created. All is good and normal.

In sum: the Linux box is now dependent on users to exist in the central AD. As wanted.

To the list and Moby; - thank you for your help in this matter!
--
-------------------------------------------------------------------------
Med venlig hilsen/Best regards
Verner Kjærsgaard