How to Unite Redhat 9 Linux with Windows 2003 Active Directory authentication
Dear All,
How do I configure a Redhat 9 client for a Windows 2003 server? I have a Windows 2003 server which acts as the domain controller in my office. I have been asked to use Redhat 9 as a client. How do I configure it so that Redhat 9 can authenticate with the Windows 2003 server? I have a username created on the Windows 2003 domain server, so when my Redhat 9 client boots up and asks for a username and password, I should enter the username and password and get authenticated with the Windows 2003 server. If someone can tell me how to configure this in detail, I will be grateful.
I am running AIX 7.1 and currently we have samba 3.6.25 installed on the server. As it stands some AIX folders are shared that can be accessed by certain Windows users.
The problem is that since Windows 10 the guest feature no longer works so users have to manually type in their Windows login/pwd... (14 Replies)
I want to connect via SSH that will authenticate via Active Directory (domain controller). For example my network login in my workstation is user123/123user under a domain. I wanted to use these details to login via ssh. In this way I don't have to add and create a username every time in the server... (1 Reply)
Hi All,
I am a newb in this forum. I am a Linux admin and I hope I will get the solution here.
In my company I have set up AD and I can authenticate the Windows machines using this AD, and am also able to apply policy.
Now I have installed some Linux machines but I am not able to authenticate via... (6 Replies)
Hi all.
I'm having real trouble authenticating users against active directory for my SCO UnixWare 7.1.4 box running samba 3.0.24 (installed via Maintenance pack 4). I can list AD users/groups (after overcoming several hiccups) with wbinfo -g / wbinfo -u. I can use id to get a view an ad user ie:... (0 Replies)
Hello everybody .. I want to connect with smbclient to a Windows Server 2003 with Active Directory. Does a version of Samba exist that can do this?
Thank you very much for your time.
Good Luck :b: (3 Replies)
Hello all,
I heard that we can use Solaris to authenticate user with Active Directory. However, I do not see the point why we need to do that?? what's the benefit to authenticate user with Active Directory???
Example,
I have Solaris and I limited only 10 users can access Solaris production... (1 Reply)
REALMD.CONF(5) File Formats REALMD.CONF(5)
NAME
realmd.conf - Tweak behavior of realmd
CONFIGURATION FILE
realmd can be tweaked by network administrators to act in specific ways. This is done by placing settings in the /etc/realmd.conf file. This file
does not exist by default. The syntax of this file is the same as an INI file or Desktop Entry file.
In general, settings in this file only apply at the point of joining a domain or realm. Once the realm has been set up the settings have no
effect. You may choose to configure SSSD[1] or Winbind[2] directly.
Only specify the settings you wish to override in the /etc/realmd.conf file. Settings not specified will be loaded from their packaged
defaults. Only override the settings below. You may find other settings if you look through the realmd source code. However these are not
guaranteed to remain stable.
There are various sections in the config file. Some sections are global topic sections, and are listed below. Other sections are specific
to a given realm. These realm specific sections should always contain the domain name in lower case as their section header.
Examples of each setting are found below, including the header of the section it should be placed in. However in the resulting file only
include each section once, and combine the various section settings together as lines underneath the section. For example:
[users]
default-home = /home/%U
default-shell = /bin/bash
ACTIVE-DIRECTORY
These options should go in an [active-directory] section of the /etc/realmd.conf file. Only specify the settings you wish to override.
default-client
Specify the default-client setting in order to control which client software is the preferred default for use with Active Directory.
[active-directory]
default-client = sssd
# default-client = winbind
The default setting for this is sssd which uses SSSD[1] as the Active Directory client. You can also specify winbind to use Samba
Winbind[2].
Some callers of realmd such as the realm command line tool allow specifying which client software should be used. Others, such as GNOME
Control Center, simply choose the default.
You can verify the preferred default client software by running the following command. The realm with the preferred client software
will be listed first.
$ realm discover domain.example.com
domain.example.com
configured: no
server-software: active-directory
client-software: sssd
type: kerberos
realm-name: AD.THEWALTER.LAN
domain-name: ad.thewalter.lan
domain.example.com
configured: no
server-software: active-directory
client-software: winbind
type: kerberos
realm-name: AD.THEWALTER.LAN
domain-name: ad.thewalter.lan
os-name
(see below)
os-version
Specify the os-name and/or os-version settings to control the values that are placed in the computer account operatingSystem and
operatingSystemVersion attributes.
This is an Active Directory specific option.
[active-directory]
os-name = Gentoo Linux
os-version = 9.9.9.9.9
SERVICE
These options should go in a [service] section of the /etc/realmd.conf file. Only specify the settings you wish to override.
automatic-install
Set this to no to disable automatic installation of packages via package-kit.
[service]
automatic-install = no
# automatic-install = yes
USERS
These options should go in a [users] section of the /etc/realmd.conf file. Only specify the settings you wish to override.
default-home
Specify the default-home setting in order to control how to set the home directory for accounts that have no home directory explicitly
set.
[users]
default-home = /home/%D/%U
# default-home = /nfs/home/%D-%U
The default setting for this is /home/%D/%U. The %D format is replaced by the domain name. The %U format is replaced by the user name.
You can verify the home directory for a user by running the following command.
$ getent passwd 'DOMAIN/User'
DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash
Note that in the case of IPA domains, most users already have a home directory configured in the domain. Therefore this configuration
setting may rarely show through.
default-shell
Specify the default-shell setting in order to control how to set the Unix shell for accounts that have no shell explicitly set.
[users]
default-shell = /bin/bash
# default-shell = /bin/sh
The default setting for this is /bin/bash shell. The shell should be a valid shell if you expect the domain users to be able to log in.
For example it should exist in the /etc/shells file.
You can verify the shell for a user by running the following command.
$ getent passwd 'DOMAIN/User'
DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash
Note that in the case of IPA domains, most users already have a shell configured in the domain. Therefore this configuration setting
may rarely show through.
REALM SPECIFIC SETTINGS
These options should go in a section with the same name as the realm in the /etc/realmd.conf file. For example for the domain.example.com
domain the section would be called [domain.example.com]. To figure out the canonical name for a realm use the realm command:
$ realm discover --name DOMAIN.example.com
domain.example.com
...
Only specify the settings you wish to override.
computer-ou
Specify this option to create directory computer accounts in a location other than the default. This currently only works with Active
Directory domains.
[domain.example.com]
computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com
# computer-ou = OU=Linux Computers,
Specify the OU as an LDAP DN. It can be relative to the Root DSE, or a complete LDAP DN. Obviously the OU must exist in the directory.
It is also possible to use the --computer-ou argument of the realm command to create a computer account at a specific OU.
user-principal
Set the user-principal to yes to create userPrincipalName attributes for the computer account in the realm, in the form
host/computer@REALM.
[domain.example.com]
user-principal = yes
automatic-id-mapping
This option is on by default for Active Directory realms. Turn it off to use UID and GID information stored in the directory (as-per
RFC2307) rather than automatically generating UID and GID numbers.
This option only makes sense for Active Directory realms.
[domain.example.com]
automatic-id-mapping = no
# automatic-id-mapping = yes
manage-system
This option is on by default. Normally joining a realm affects many aspects of the configuration and management of the system. Turning
this off limits the interaction with the realm or domain to authentication and identity.
[domain.example.com]
manage-system = no
# manage-system = yes
When this option is turned on realmd defaults to using domain policy to control who can log into this machine. Further adjustments to
login policy can be made with the realm permit command.
fully-qualified-names
This option is on by default. If turned off then realm user and group names are not qualified with their realm name. This may cause them to
conflict with local user and group names.
[domain.example.com]
fully-qualified-names = no
# fully-qualified-names = yes
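
The rules above (each section only once, realm sections named in lower case, only the documented settings, a default shell that exists in /etc/shells) can be checked before a join. The following linter is an added example, not part of realmd or of the original man page; `lint_realmd_conf` and `SAMPLE` are hypothetical names, and treating yes/no as the only accepted values is an assumption taken from the examples on this page.

```python
import configparser
import re

# Settings documented on this page; "<realm>" stands for any realm section.
DOCUMENTED = {
    "active-directory": {"default-client", "os-name", "os-version"},
    "service": {"automatic-install"},
    "users": {"default-home", "default-shell"},
    "<realm>": {"computer-ou", "user-principal", "automatic-id-mapping",
                "manage-system", "fully-qualified-names"},
}
# Values the page shows for enumerated settings (assumed exhaustive here).
YES_NO = (DOCUMENTED["<realm>"] - {"computer-ou"}) | {"automatic-install"}
CHOICES = {"default-client": {"sssd", "winbind"}, **{k: {"yes", "no"} for k in YES_NO}}

# Constructed sample: duplicate [users], upper-case realm, misspelled key, odd shell.
SAMPLE = """\
[users]
default-home = /home/%D/%U
[users]
default-shell = /bin/tcsh
[DOMAIN.example.com]
user-prinicpal = yes
fully-qualified-names = no
"""

def lint_realmd_conf(text, valid_shells):
    """Return findings for the text of an /etc/realmd.conf (hypothetical helper)."""
    headers = re.findall(r"^\[([^\]]+)\]", text, flags=re.M)
    findings = [f"[{h}]: section appears more than once"
                for h in sorted(set(headers)) if headers.count(h) > 1]
    # interpolation=None keeps %D and %U literal; strict=False merges repeats.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(text)
    for section in parser.sections():
        is_realm = section not in DOCUMENTED
        if is_realm and section != section.lower():
            findings.append(f"[{section}]: realm section must be lower case")
        for key, value in parser[section].items():
            if key not in DOCUMENTED["<realm>" if is_realm else section]:
                findings.append(f"[{section}] {key}: not a documented setting")
            elif key in CHOICES and value not in CHOICES[key]:
                findings.append(f"[{section}] {key}: expected {sorted(CHOICES[key])}")
            elif key == "default-shell" and value not in valid_shells:
                findings.append(f"[{section}] {key}: {value} is not in /etc/shells")
            elif key == "fully-qualified-names" and value == "no":
                findings.append(f"[{section}] {key}: may conflict with local names")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_realmd_conf(SAMPLE, {"/bin/sh", "/bin/bash"})))
```

On a real host, pass the contents of /etc/shells as `valid_shells`. A misspelled key is reported rather than silently ignored.
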
AUTHOR
Stef Walter <stef@thewalter.net>
Maintainer
NOTES
1. SSSD
https://fedorahosted.org/sssd/
2. Winbind
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
realmd 06/10/2014 REALMD.CONF(5)