Using Active Directory for SuSE Linux 10 Authentication
My previous posts, How to Authenticate to Active Directory on SuSE Linux 9 and How to join Fedora Core 6 Samba Server to Windows 2003 Active Directory, talked about using Microsoft Active Directory (AD) for Linux authentication. Yes! Linux & Microsoft can be friends.
Now let's talk about SuSE Linux 10 and Microsoft AD authentication.
Basically everything is the same as on SLES 9 except the PAM configuration.
Note: This setup runs on SLES10 SP2 (it should also work on SP1).
Below is the PAM configuration for SLES10:
/etc/pam.d/common-password
password sufficient pam_winbind.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_authtok
/etc/pam.d/common-account
account required pam_unix2.so
/etc/pam.d/common-session
session optional pam_mkhomedir.so
session required pam_limits.so
session required pam_unix2.so
/etc/pam.d/common-auth
auth required pam_env.so
auth required pam_unix2.so
/etc/pam.d/passwd
auth include common-auth
account include common-account
password include common-password
session include common-session
/etc/pam.d/sshd
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
/etc/pam.d/login
auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
session required pam_lastlog.so nowtmp
session required pam_resmgr.so
session optional pam_mail.so standard
/etc/pam.d/su
auth sufficient pam_rootok.so
auth include common-auth
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so
/etc/pam.d/sudo
auth include common-auth
account include common-account
password include common-password
session include common-session
/etc/security/pam_unix2.conf
auth: call_modules=winbind
account: call_modules=winbind
password: call_modules=winbind
session: none
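In the listing above, common-auth and common-account never name pam_winbind.so; the AD lookup is reached through pam_unix2.so and the call_modules=winbind lines in /etc/security/pam_unix2.conf. The following is an added example, not part of the original post: it flattens the include lines for one service and reports whether each facility can reach winbind. The file contents are retyped from the listing as constructed strings, the function names are hypothetical, and the check covers reachability only, not PAM control-flag evaluation.

```python
# Constructed input: a subset of the PAM files listed above, retyped as strings.
PAM_FILES = {
    "common-auth": "auth required pam_env.so\nauth required pam_unix2.so",
    "common-account": "account required pam_unix2.so",
    "common-password": ("password sufficient pam_winbind.so\n"
                        "password required pam_pwcheck.so nullok\n"
                        "password required pam_unix2.so nullok use_authtok"),
    "common-session": ("session optional pam_mkhomedir.so\n"
                       "session required pam_limits.so\nsession required pam_unix2.so"),
    "sshd": ("auth include common-auth\nauth required pam_nologin.so\n"
             "account include common-account\npassword include common-password\n"
             "session include common-session"),
}
PAM_UNIX2_CONF = ("auth: call_modules=winbind\naccount: call_modules=winbind\n"
                  "password: call_modules=winbind\nsession: none")

def unix2_calls(conf_text):
    """Map each facility in pam_unix2.conf to the modules named in call_modules=."""
    calls = {}
    for line in conf_text.splitlines():
        facility, sep, opts = line.split("#", 1)[0].partition(":")
        if sep:
            calls[facility.strip()] = {m for o in opts.split() if o.startswith("call_modules=")
                                       for m in o.split("=", 1)[1].split(",")}
    return calls

def flatten(service, facility, files, seen=()):
    """Effective module list for one facility of a service, following 'include' lines."""
    if service not in files or service in seen:
        raise ValueError(f"missing or circular include: {service}")
    stack = []
    for line in files[service].splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            if fields[1] == "include":
                stack += flatten(fields[2], facility, files, seen + (service,))
            else:
                stack.append(fields[2])
    return stack

def reaches_winbind(service, facility, files=PAM_FILES, conf=PAM_UNIX2_CONF):
    """True if the facility calls pam_winbind.so directly or through pam_unix2."""
    stack = flatten(service, facility, files)
    via_unix2 = "pam_unix2.so" in stack and "winbind" in unix2_calls(conf).get(facility, set())
    return "pam_winbind.so" in stack or via_unix2
```

With the configuration from this page, sshd reaches winbind for auth, account and password but not for session, which matches the `session: none` line.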
How to Authenticate to Active Directory on SuSE Linux 9
My previous post, How to join Fedora Core 6 Samba Server to Windows 2003 Active Directory, which I believe was helpful, is getting a lot of traffic from the Google search engine.
The following article, “How to Authenticate to Active Directory on SuSE Linux 9”, focuses on how to join an AD domain and authenticate against it, using SLES9 SP3 running on my virtual machine.
Basically the setup details are:
SLES9: 192.168.1.10
Windows 2003 Server: 192.168.1.1
Required RPM: heimdal-lib(kerberos), samba-client, samba-winbind, samba, sudo, xntp, glibc, pwdutils, openssh.
A. Time synchronization
Ensure the clocks on your SLES9 host and the AD server are synchronized. Type # rcxntpd start
B. Kerberos setup
Edit /etc/krb5.conf
[libdefaults]
default_realm = AD.YOURDOMAIN.COM
clockskew = 300
[realms]
AD.YOURDOMAIN.COM = {
kdc = ad01.ad.yourdomain.com
default_domain = ad.yourdomain.com
admin_server = ad01.ad.yourdomain.com
}
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.ad.yourdomain.com = AD.YOURDOMAIN.COM
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 1
try_first_pass = true
}
Note: Be careful here. It’s CASE SENSITIVE, and please make sure the two hosts can ping each other.
C. Samba setup
Edit /etc/samba/smb.conf
[global]
winbind separator = +
winbind cache time = 10
winbind use default domain = yes
workgroup = ADYOUDOMAIN
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
idmap gid = 10000-20000
idmap uid = 10000-20000
realm = AD.YOURDOMAIN.COM
security = ADS
template homedir = /home/%U
template shell = /bin/bash
password server = server.example.com
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n Retype*new*password*%n\n*password:*all*authentication*tokens*updated*successfully
Pam password change = Yes
The example shown above is not complete. Please focus on realm and security.
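Because the realm name is case sensitive and has to agree across /etc/krb5.conf and /etc/samba/smb.conf, a small consistency check catches the usual mismatch before the domain join. This is an added example, not part of the original post: the sample input is constructed from the placeholder values above, and the function names are hypothetical.

```python
import re
# Constructed sample input: key lines of the two files above, placeholders as on the page.
KRB5 = """[libdefaults]
default_realm = AD.YOURDOMAIN.COM
[realms]
AD.YOURDOMAIN.COM = {
kdc = ad01.ad.yourdomain.com
}
[domain_realm]
.ad.yourdomain.com = AD.YOURDOMAIN.COM
"""
SMB = "[global]\nworkgroup = ADYOUDOMAIN\nrealm = AD.YOURDOMAIN.COM\nsecurity = ADS\n"

def parse_krb5(text):
    """Return (default_realm, set of [realms] names, [domain_realm] map)."""
    section, depth, default, realms, dmap = None, 0, None, set(), {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0 and line.startswith("["):
            section = line.strip("[]")
        elif line == "}":
            depth -= 1
        elif "=" in line:
            key, _, val = (part.strip() for part in line.partition("="))
            if val == "{":                      # opens a nested block such as a realm
                if section == "realms" and depth == 0:
                    realms.add(key)
                depth += 1
            elif depth == 0 and section == "libdefaults" and key == "default_realm":
                default = val
            elif depth == 0 and section == "domain_realm":
                dmap[key] = val
    return default, realms, dmap

def smb_param(text, name):
    """First uncommented 'name = value' line in smb.conf text (sections ignored)."""
    found = re.search(rf"^[ \t]*{re.escape(name)}[ \t]*=[ \t]*(\S.*?)[ \t]*$", text, re.M | re.I)
    return found.group(1) if found else None

def check(krb5_text, smb_text):
    """Return the list of realm/security mismatches; an empty list means consistent."""
    default, realms, dmap = parse_krb5(krb5_text)
    rules = [
        (default in realms, "no [realms] entry spelled exactly like default_realm"),
        (all(r in realms for r in dmap.values()), "[domain_realm] maps to an undefined realm"),
        (smb_param(smb_text, "realm") == default, "smb.conf realm differs from default_realm"),
        ((smb_param(smb_text, "security") or "").lower() == "ads", "smb.conf security is not ADS"),
    ]
    return [msg for ok, msg in rules if not ok]
```

To check a real host, pass the contents of the two files to `check()`; every comparison is an exact string match, so a lower-case realm in one place is reported.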
Veeam Backup 2.0 has been released
Less than five months after the first release, Veeam Backup 2.0 has been released!
Interesting features include:
- Real-time statistics and reports
- Support for VMware ESXi (free of charge)
- Support for Microsoft Volume Shadow Service (VSS) in Windows guest OSes backup
- Support for 3rd party tape backup devices
- Backup and replication combined
- Fast file-level recovery
- Database-consistent backup

VMware Infrastructure 3.5 Update 2 have been released
VMware has released Update 2 for ESX (build 103908) and VirtualCenter (104215).
This new version brings a number of important features including:
- Cross-processors VMotion (auto-configuration of AMD-V Extended Migration and Intel FlexMigration)
- Virtual machines live snapshot through Microsoft Volume Shadow Service (VSS) (only Windows 2003 and 2008 guest OSes)
- Virtual machines live cloning
- Virtual disks hot-extension (only for flat disks without snapshots in persistent mode)
- VMware HA support for individual virtual machines
- VirtualCenter alarms for physical servers health (single components supported)
- Manual computers addition in Guided Consolidation (by hostname or IP)
- Single Sign-On (SSO) on VirtualCenter client (capability to pass-through Windows authentication credentials, with support for smartcards and digital certificates)
- Support for Microsoft Windows Server 2008, Sun Solaris 10 U5, Novell SLES 10 SP2 and Ubuntu 8.04 guest OSes
- Support for 8GB Fibre Channel HBAs
- Support for NFS and iSCSI over 10Gbit Ethernet
- Support for Remote Command Line Interface (CLI) (no longer experimental)
- 192 vCPUs per host – VMware now supports increasing the maximum number of vCPUs per host to 192, given that the maximum number of virtual machines per host is 170 and that no more than 3 virtual floppy devices or virtual CDROM devices are configured on the host at any given time. This support is extended to ESX 3.5 Update 1 as well.
How to customize Terminal Server Client(tsclient) specified screen size?
rdesktop is an open source client for Windows Terminal Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user’s Windows desktop. Servers supported by rdesktop include Windows 2000 Server, Windows Server 2003, Windows Server 2008, Windows XP, Windows Vista and Windows NT Server 4.0.
rdesktop currently runs on most UNIX-based platforms with the X Window System, and other ports should be fairly straightforward.
I have an Ubuntu Hardy x64 running on my Dell desktop and another Dell laptop running Windows XP Professional with screen resolution 1152 x 1024.
How to launch rdesktop on Ubuntu Hardy?
Click Applications -> click Internet -> click Terminal Server Client (tsclient).
Enter the computer name or IP address, select the RDP protocol, enter your username & password, and click Open. You should then be able to connect to your remote desktop computer or server.
If you click on Display and then on "use specified screen size", you should see the default specified screen sizes listed below:
640 x 480
800 x 600
1024 x 768
1152 x 864
1280 x 960
1400 x 1250
What happens if I need a different screen size? Don’t worry! You can use a command line