Comments on: Active Directory Integration with Samba for RHEL/CentOS 5

By: consultant

consultant — Wed, 19 Aug 2009 22:34:25 +0000

Hi dbman,

That’s correct, starting CentOS 5.0 authconfig can insert the pam_mkhomedir.so line.

But in my case, I need the pam_oddjob_mkhomedir.so line, which can create home directories even with non-root account. This is because Dovecot drops down to the user account when updating the mailbox.

By: dbman

dbman — Wed, 19 Aug 2009 14:11:11 +0000

The part about automated home directories is now outdated as of RHEL 5.3 (CentOS 5.3 too). The authconfig program (what runs in the background to set everything up from the GUI) now inserts the following line in the /etc/pam.d/system-auth file:

session optional pam_mkhomedir.so

This does the directory creation for the domain, and creates the home directory for each user logging in using the skeleton files. It is no longer necessary to do these actions or hand-modify the system-auth file.

By: consultant

consultant — Sat, 15 Aug 2009 02:02:26 +0000

Hi Tamas L,

Template Shell should /bin/false to prevent anyone from logging in.

By: Tamas L

Tamas L — Wed, 12 Aug 2009 14:46:37 +0000

Thank you, it’s a great understandable guide.

I have a task, but I don’t know which authorisation method should I use. I have to make a linux fileserver in a win2k3 domain. I don’t want anybody to sign into this fileserver, just the samba server have to authenticate the users against the AD.
How have to provide the permissions for the samba server in this case

Thank you,

Tamas

By: consultant

consultant — Mon, 08 Jun 2009 14:02:17 +0000

Hi Joe,

You can use direct LDAP lookup in Active Directory using the Microsoft provided Identity Management for Unix

By: Joe

Joe — Thu, 28 May 2009 21:00:23 +0000

I haven’t seen anyway to authenticate without actually joining. Maybe a direct ldap or kerberos lookup rather than using the winbind daemon?

some interesting solutions might be to:
1. modify your /etc/group file to add domain users to wheel group, then enable wheel group in /etc/sudoers

2. setup a full samba server and import (or authenticate against) ldap users from AD

3. check this paid option out (i discovered this yesterday) http://www.likewise.com

By: Mike P

Mike P — Thu, 28 May 2009 15:46:11 +0000

I’m using CentOS 5.3

Is there a way to authenticate users against AD without joining the server to the AD domain?
I basically just want to use AD for authentication while still managing the user within Linux.

By: Joe

Joe — Wed, 20 May 2009 18:59:04 +0000

I figured out my problem. i made all the changes, but winbind was not able to function correctly because SELinux was preventing it from accessing certain files. i set SELinux to permissive and it worked like a charm.

By: Centos 5 / Samba file sharing

Centos 5 / Samba file sharing — Wed, 20 May 2009 09:15:42 +0000

[...] -u To join it to the domain I used this excellent step by step guide for novices like myself Active Directory Integration with Samba for RHEL/CentOS 5 | Linux Mail Server Setup and Howto Guide Any ideas or should I just give up and try and install it on [...]

By: Joe

Joe — Thu, 14 May 2009 22:29:25 +0000

i followed this entire guide exactly and now my rhel 5 server won’t let me login as root. it says “Authentication failed”. i’m pretty sure i messed up somewhere, but not too sure where; i did notice that my smb.conf file looks a little different than the picture.