search for: krb5realm

Hi I read and used the article http://blog.wazollc.com/Lists/Posts/Post.aspx?ID=2 to authenticate my ad accounts when logging on to cent 5...however, once I edit the nsswitch.conf file, I can't even log on as root or any local users anymore. Kinit seems to initialize fine doing a kinit username at MYDOMAIN.COM , however doing a getent passwd adusername ....it just sits there in the shell and

The company where I work is mostly a Windows shop, but I run a few CentOS servers and desktops. I have configured my systems as follows with Kickstart: authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \ --nisserver=nis1.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \ --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com The /etc/nsswitch.conf file looks like this: passwd: files nis shadow: files nis group: files nis The NIS services are provided by the Windows Domain controllers using Windows Unix Services (or something similarly n...

...n files to work with CentOS 6 and am most of the way there integrating a CentOS 6 system into our LDAP/NIS environment. My authconfig line in the kickstart file is as follows: authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX --nisserver=nis.XXX.com --useshadow --enablekrb5 --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com This is virtually identical to the authconfig line I was using in CentOS 5. My issue is that users cannot log in with their network (NIS) usernames and passwords. If I log in as root, I can do a "su - username" and get the u...

I found what I needed to do DOMAIN=MIND.UNM.EDU SHORT=MIND authconfig --enablekrb5 --krb5kdc=${DOMAIN} --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} --smbservers=${DOMAIN} --smbworkgroup=${SHORT} --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash --enablemkhomedir --enablewinbindusedefaultdomain --update this worked On Mon, Oct 30, 2017 at...

...les nis shadow: files nis group: files nis Our systems are configured using something similar to the following in our Kickstart config file: authconfig --enablemd5 --passalgo=sha512 --enablenis ?nisdomain=XXX \ --nisserver=nis.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \ --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com <http://ldap.xxx.com/> where nis1 and nis2 are the local AD domain controllers. With this configuration, any user can log into any CentOS system, and their home directory is automatically mounted over NFS with autofs. This works...

Hello, I maintain a network of numerous Linux workstations, several Apples, and a few Windows machines. The Apples and Windows XP machines already grab shared data via Samba and the remaining data is exported to the Linux machines via NFS. I am in the process of migrating the existing authentication system from XYZ123 to Kerberos and going to place user data---with the exception of passwords

...edit a bunch of files > > On Mon, Oct 30, 2017 at 10:53 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: >> I found what I needed to do >> DOMAIN=MIND.UNM.EDU >> SHORT=MIND >> authconfig --enablekrb5 --krb5kdc=${DOMAIN} >> --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind >> --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} >> --smbservers=${DOMAIN} --smbworkgroup=${SHORT} >> --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash >> --enablemkhomedir --enablewinbindusedefaultdomain --update &...

...chever AD or Samba server they happen to have an account on. Has anyone gotten Kerberos authentication working on Linux for an arbitrary set of upstream Kerberos servers, including Samba domain controllers or AD servers? I can pick an arbitrary single realm quite easily with the "authfonfig --krb5realm" command, but I'd like to permit multiple Kerberos realms.

fedora's authconfig must edit a bunch of files On Mon, Oct 30, 2017 at 10:53 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > I found what I needed to do > DOMAIN=MIND.UNM.EDU > SHORT=MIND > authconfig --enablekrb5 --krb5kdc=${DOMAIN} > --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind > --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} > --smbservers=${DOMAIN} --smbworkgroup=${SHORT} > --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash > --enablemkhomedir --enablewinbindusedefaultdomain --update > > this wo...

Hello! I have recently gone through the hassle of trying to get a CentOS 5 server (no gui) with Samba to use ADS for security. After several days of googling and trying different howtos I finally got it working, I now want to write a howto for CentOS 5, Samba 3.0 and Windows Server 2003 SP2. Basically it's a combination of http://www.howtoforge.com/samba_ads_security_mode and

samba-3.0.21c, heimdal-0.7.2 The heimdal documentation[1] talks about a samba integration when both samba and heimdal are using ldap as their backends. I quote: "Now you can proceed as in See Using LDAP to store the database. Heimdal will pick up the Samba LDAP entries if they are in the same search space as the Kerberos entries." There is absolutely no further documentation. I tried

...ba 4.2? Setup: Domain member server 1 – originally setup using SL7.0, samba 4.1, hosting the ldap server, winbind, bound to AD, net idmap secret * worked fine: # yum install samba-winbind samba-winbind-clients pam_krb5 # authconfig --enablekrb5 --krbkdc=dc.domain --krb5adminserver=dc.domain --krb5realm=REALM --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=REALM --smbservers=dc.domain --smbworkgroup=WORKGROUP --winbindtemplatehomedir=/path /%U --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --update # net ads join –U account Updated the winbind related settings...

...ut this little script together: [root at nfsa gregs]# more test.sh #!/bin/sh authconfig \ --enablewinbind \ --enablewins \ --enablewinbindauth \ --smbsecurity=ads \ --smbworkgroup=EHAC \ --smbrealm=EHAC.LOCAL \ --smbservers=ehcserver1.ehac.local \ --krb5realm=EHAC.LOCAL \ --enablewinbindoffline \ --enablekrb5 \ --winbindtemplateshell=/bin/sh \ --winbindjoin=administrator \ --update \ --enablelocauthorize \ --savebackup=/home/gregs/backups [root at nfsa gregs]# When I run it, it makes copies of a bunch of config...

...ba 4.2? Setup: Domain member server 1 - originally setup using SL7.0, samba 4.1, hosting the ldap server, winbind, bound to AD, net idmap secret * worked fine: # yum install samba-winbind samba-winbind-clients pam_krb5 # authconfig --enablekrb5 --krbkdc=dc.domain --krb5adminserver=dc.domain --krb5realm=REALM --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=REALM --smbservers=dc.domain --smbworkgroup=WORKGROUP --winbindtemplatehomedir=/path /%U --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --update # net ads join -U account Updated the winbind related settings...

...t; >> On Mon, Oct 30, 2017 at 10:53 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: >>> I found what I needed to do >>> DOMAIN=MIND.UNM.EDU >>> SHORT=MIND >>> authconfig --enablekrb5 --krb5kdc=${DOMAIN} >>> --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind >>> --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} >>> --smbservers=${DOMAIN} --smbworkgroup=${SHORT} >>> --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash >>> --enablemkhomedir --enablewinbindusedefaultd...

Hi Rowland, > Gesendet: Freitag, 19. Juni 2015 um 13:52 Uhr > Von: "Rowland Penny" <rowlandpenny at googlemail.com> > An: samba at lists.samba.org > Betreff: Re: [Samba] (Samba 4.2.2) wbinfo -i does not get the (correct) unix primary group gid > > On 19/06/15 12:26, Frank Grantz wrote: > > Hi Rowland, > > > >> Gesendet: Freitag, 19. Juni 2015

OS:fedora-26 SAMBA:4.6.8 [root at squints ~]# cat /etc/samba/smb.conf [global] security = ads realm = MIND.UNM.EDU workgroup = MIND idmap config * : backend = tdb idmap config * : range = 2000-7999 idmap config MIND:backend = ad idmap config MIND:schema_mode = rfc2307 idmap config MIND:range = 8000-9999999 winbind nss info = rfc2307 winbind use default domain = yes

Is it at all possible to do a graphical netinstall ? I am using centos 5.2, and i have been doing net installs (pxe) for a while in console mode... -- Test <test at remedial-teacher.nl>