[OpenIndiana-discuss] AD Authentication and Samba 4 Active Directory

Marc Jakob marc at planet-sun.net
Wed Sep 17 11:10:01 UTC 2014 

Hi Andrew,

did you put the following in nsswitch.conf:

passwd:     files ad
group:      files ad

having joined to my samba4 AD controller ssh login works using putty and GSSAPI login (Kerberos token from AD login) using my windows user name - which has to exist in passwd or you use ldap client bindings to retrieve shell and so on.

HTH,

Marc

On 17.09.2014, at 08:30, Predrag Zecevic [Unix Systems Administrator] <Predrag.Zecevic at 2e-systems.com> wrote:

> Hi Martin,
> 
> I guess that LDAP/Kerberos authentication depends on PAM setup, so take a look (me, personally never used it on OI as server).
> 
> HTH,
> Regards
> Predrag Zečević
> 
> On 09/16/14 11:44 PM, Andrew Martin wrote:
>> Hello,
>> 
>> I have been attempting to follow this guide for setting up Active Directory
>> authentication on OpenIndiana using LDAP+Kerberos:
>> http://wiki.openindiana.org/oi/Kerberos+and+LDAP
>> 
>> Note that this connecting to a Samba 4 Active Directory server.
>> 
>> I am able to successfully view AD users via "getent passwd" and other tools that
>> utilize the nsswitch hooks, however AD users are unable to login to the
>> OpenIndiana server. I have read in a few places that the unixUserPassword field
>> may be used for this purpose, however the above guide specifically instructs you
>> to disable the "Password Sync" Windows component. Here's some more information
>> on this field:
>> http://blogs.technet.com/b/sfu/archive/2010/01/08/using-unixuserpassword-attribute-properly.aspx
>> 
>> How does the LDAP+Kerberos method authenticate a user's password? What else can
>> I do to debug this setup? I do not see any authentication errors in /var/log.
>> 
>> Thanks,
>> 
>> Andrew Martin
>> 
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>> 
> 
> -- 
> Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
> 
> Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
> Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
> E-mail:    predrag.zecevic at 2e-systems.com
> 
> Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
>                      65812 Bad Soden am Taunus, Germany
> Company registration: Amtsgericht Königstein (Germany), HRB 7303
> Managing director:    Phil Douglas
> 
> http://www.2e-systems.com/ - Making your business fly!
> 
> [***]===---
> "Necessity is the mother of invention" is a silly proverb. "Necessity is the mother of futile dodges" is much nearer the truth. -- Alfred North Whitehead
> 
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the openindiana-discuss mailing list