Displaying 18 results from an estimated 18 matches for "krb5realm".
2008 Jun 05
4
using windows ad accounts for centos 5
Hi I read and used the article
http://blog.wazollc.com/Lists/Posts/Post.aspx?ID=2 to authenticate my ad
accounts when logging on to cent 5...however, once I edit the
nsswitch.conf file, I can't even log on as root or any local users
anymore. Kinit seems to initialize fine doing a kinit
username at MYDOMAIN.COM , however doing a getent passwd adusername ....it
just sits there in the shell and
2014 Jun 10
2
How to configure user accounts without NIS
The company where I work is mostly a Windows shop, but I run a few CentOS
servers and desktops. I have configured my systems as follows with Kickstart:
authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \
--nisserver=nis1.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \
--krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com
The /etc/nsswitch.conf file looks like this:
passwd: files nis
shadow: files nis
group: files nis
The NIS services are provided by the Windows Domain controllers using Windows
Unix Services (or something similarly n...
2011 Aug 25
1
Help integrating CentOS 6 with existing network login infrastructure
...n files to work with CentOS 6 and am most of the way there integrating a CentOS 6 system into our LDAP/NIS environment. My authconfig line in the kickstart file is as follows:
authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX --nisserver=nis.XXX.com --useshadow --enablekrb5 --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com
This is virtually identical to the authconfig line I was using in CentOS 5. My issue is that users cannot log in with their network (NIS) usernames and passwords.
If I log in as root, I can do a "su - username" and get the u...
2017 Oct 30
2
winbind rfc2307 not being obeyed
I found what I needed to do
DOMAIN=MIND.UNM.EDU
SHORT=MIND
authconfig --enablekrb5 --krb5kdc=${DOMAIN}
--krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind
--enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN}
--smbservers=${DOMAIN} --smbworkgroup=${SHORT}
--winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash
--enablemkhomedir --enablewinbindusedefaultdomain --update
this worked
On Mon, Oct 30, 2017 at...
2015 May 07
2
Best way to integrate CentOS in Windows AD environment
...les nis
shadow: files nis
group: files nis
Our systems are configured using something similar to the following in our Kickstart config file:
authconfig --enablemd5 --passalgo=sha512 --enablenis ?nisdomain=XXX \
--nisserver=nis.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \
--krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com <http://ldap.xxx.com/>
where nis1 and nis2 are the local AD domain controllers. With this configuration, any user can log into any CentOS system, and their home directory is automatically mounted over NFS with autofs. This works...
2006 Nov 29
2
Samba and Heimdal Kerberos V Authentication
Hello,
I maintain a network of numerous Linux workstations, several Apples,
and a few Windows machines. The Apples and Windows XP machines already
grab shared data via Samba and the remaining data is exported to the
Linux machines via NFS.
I am in the process of migrating the existing authentication system
from XYZ123 to Kerberos and going to place user data---with the
exception of passwords
2017 Oct 30
2
winbind rfc2307 not being obeyed
...edit a bunch of files
>
> On Mon, Oct 30, 2017 at 10:53 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>> I found what I needed to do
>> DOMAIN=MIND.UNM.EDU
>> SHORT=MIND
>> authconfig --enablekrb5 --krb5kdc=${DOMAIN}
>> --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind
>> --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN}
>> --smbservers=${DOMAIN} --smbworkgroup=${SHORT}
>> --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash
>> --enablemkhomedir --enablewinbindusedefaultdomain --update
&...
2013 Aug 08
0
Kerberos authentication for multiple upstream domains
...chever AD or Samba server they happen to have an account on.
Has anyone gotten Kerberos authentication working on Linux for an
arbitrary set of upstream Kerberos servers, including Samba domain
controllers or AD servers? I can pick an arbitrary single realm quite
easily with the "authfonfig --krb5realm" command, but I'd like to
permit multiple Kerberos realms.
2017 Oct 30
0
winbind rfc2307 not being obeyed
fedora's authconfig must edit a bunch of files
On Mon, Oct 30, 2017 at 10:53 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> I found what I needed to do
> DOMAIN=MIND.UNM.EDU
> SHORT=MIND
> authconfig --enablekrb5 --krb5kdc=${DOMAIN}
> --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind
> --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN}
> --smbservers=${DOMAIN} --smbworkgroup=${SHORT}
> --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash
> --enablemkhomedir --enablewinbindusedefaultdomain --update
>
> this wo...
2007 Oct 01
2
HowTo: Samba with ADS security in CentOS 5
Hello!
I have recently gone through the hassle of trying to get a CentOS 5 server
(no gui) with Samba to use ADS for security. After several days of googling
and trying different howtos I finally got it working, I now want to write a
howto for CentOS 5, Samba 3.0 and Windows Server 2003 SP2.
Basically it's a combination of
http://www.howtoforge.com/samba_ads_security_mode and
2006 Mar 17
1
samba3 and heimdal: both using ldap as backends
samba-3.0.21c, heimdal-0.7.2
The heimdal documentation[1] talks about a samba integration when both
samba and heimdal are using ldap as their backends. I quote:
"Now you can proceed as in See Using LDAP to store the database. Heimdal
will pick up the Samba LDAP entries if they are in the same search space
as the Kerberos entries."
There is absolutely no further documentation.
I tried
2016 Feb 04
0
What is the equivalent of net idmap secret in samba 4.2 ?
...ba 4.2?
Setup:
Domain member server 1 – originally setup using SL7.0, samba 4.1, hosting the ldap server, winbind, bound to AD, net idmap secret * worked fine:
# yum install samba-winbind samba-winbind-clients pam_krb5
# authconfig --enablekrb5 --krbkdc=dc.domain --krb5adminserver=dc.domain --krb5realm=REALM --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=REALM --smbservers=dc.domain --smbworkgroup=WORKGROUP --winbindtemplatehomedir=/path /%U --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --update
# net ads join –U account
Updated the winbind related settings...
2014 Aug 30
4
I want a Fedora 20 system to be a member server and offer a share in a Windows 2008R2 Active Directory domain
...ut this little script together:
[root at nfsa gregs]# more test.sh
#!/bin/sh
authconfig \
--enablewinbind \
--enablewins \
--enablewinbindauth \
--smbsecurity=ads \
--smbworkgroup=EHAC \
--smbrealm=EHAC.LOCAL \
--smbservers=ehcserver1.ehac.local \
--krb5realm=EHAC.LOCAL \
--enablewinbindoffline \
--enablekrb5 \
--winbindtemplateshell=/bin/sh \
--winbindjoin=administrator \
--update \
--enablelocauthorize \
--savebackup=/home/gregs/backups
[root at nfsa gregs]#
When I run it, it makes copies of a bunch of config...
2016 Feb 04
1
What is the equivalent of net idmap secret in samba 4.2 ?
...ba 4.2?
Setup:
Domain member server 1 - originally setup using SL7.0, samba 4.1, hosting the ldap server, winbind, bound to AD, net idmap secret * worked fine:
# yum install samba-winbind samba-winbind-clients pam_krb5
# authconfig --enablekrb5 --krbkdc=dc.domain --krb5adminserver=dc.domain --krb5realm=REALM --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=REALM --smbservers=dc.domain --smbworkgroup=WORKGROUP --winbindtemplatehomedir=/path /%U --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --update
# net ads join -U account
Updated the winbind related settings...
2017 Oct 30
0
winbind rfc2307 not being obeyed
...t;
>> On Mon, Oct 30, 2017 at 10:53 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>>> I found what I needed to do
>>> DOMAIN=MIND.UNM.EDU
>>> SHORT=MIND
>>> authconfig --enablekrb5 --krb5kdc=${DOMAIN}
>>> --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind
>>> --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN}
>>> --smbservers=${DOMAIN} --smbworkgroup=${SHORT}
>>> --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash
>>> --enablemkhomedir --enablewinbindusedefaultd...
2015 Jun 19
1
(Samba 4.2.2) wbinfo -i does not get the (correct) unix primary group gid
Hi Rowland,
> Gesendet: Freitag, 19. Juni 2015 um 13:52 Uhr
> Von: "Rowland Penny" <rowlandpenny at googlemail.com>
> An: samba at lists.samba.org
> Betreff: Re: [Samba] (Samba 4.2.2) wbinfo -i does not get the (correct) unix primary group gid
>
> On 19/06/15 12:26, Frank Grantz wrote:
> > Hi Rowland,
> >
> >> Gesendet: Freitag, 19. Juni 2015
2017 Oct 30
4
winbind rfc2307 not being obeyed
OS:fedora-26
SAMBA:4.6.8
[root at squints ~]# cat /etc/samba/smb.conf
[global]
security = ads
realm = MIND.UNM.EDU
workgroup = MIND
idmap config * : backend = tdb
idmap config * : range = 2000-7999
idmap config MIND:backend = ad
idmap config MIND:schema_mode = rfc2307
idmap config MIND:range = 8000-9999999
winbind nss info = rfc2307
winbind use default domain = yes
2008 Sep 27
2
Graphical net install
Is it at all possible to do a graphical netinstall ?
I am using centos 5.2, and i have been doing net installs (pxe) for a
while in console mode...
--
Test <test at remedial-teacher.nl>