Using Active Directory for SuSE Linux 10 Authentication
Posted by Planet Malaysia on August 18, 2008
My previous posts, How to Authenticate to Active Directory on SuSE Linux 9 and How to join Fedora Core 6 Samba Server to Windows 2003 Active Directory, covered using Microsoft Active Directory (AD) for Linux authentication. Yes! Linux & Microsoft can be friends.
This post covers SuSE Linux 10 and Microsoft AD authentication.
Basically everything is the same as on SLES 9 except the PAM configuration.
Note: This setup was run on SLES10 SP2 (it should also work on SP1).
Below is the PAM configuration for SLES10:

/etc/pam.d/common-password:
password sufficient pam_winbind.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_authtok

/etc/pam.d/common-account:
account required pam_unix2.so

/etc/pam.d/common-session:
session optional pam_mkhomedir.so
session required pam_limits.so
session required pam_unix2.so

/etc/pam.d/common-auth:
auth required pam_env.so
auth required pam_unix2.so

/etc/pam.d/passwd:
auth include common-auth
account include common-account
password include common-password
session include common-session

/etc/pam.d/sshd:
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session

/etc/pam.d/login:
auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
session required pam_lastlog.so nowtmp
session required pam_resmgr.so
session optional pam_mail.so standard

/etc/pam.d/su:
auth sufficient pam_rootok.so
auth include common-auth
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so

/etc/pam.d/sudo:
auth include common-auth
account include common-account
password include common-password
session include common-session

/etc/security/pam_unix2.conf:
auth: call_modules=winbind
account: call_modules=winbind
password: call_modules=winbind
session: none
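
An added example, not part of the original post: a small Python check that expands the include lines of a PAM service file and reports, for each management group, whether winbind is reached directly (pam_winbind.so) or through the call_modules setting that pam_unix2.so reads from pam_unix2.conf. The sample files are constructed from the configuration shown above; the function names are illustrative, and the parser assumes one-word control flags as used here.

```python
import tempfile
from pathlib import Path

SAMPLE = {  # constructed sample: the sshd, common-* and pam_unix2.conf contents from this page
    "sshd": "auth include common-auth\nauth required pam_nologin.so\naccount include common-account\n"
            "password include common-password\nsession include common-session\n",
    "common-auth": "auth required pam_env.so\nauth required pam_unix2.so\n",
    "common-account": "account required pam_unix2.so\n",
    "common-password": "password sufficient pam_winbind.so\npassword required pam_pwcheck.so nullok\n"
                       "password required pam_unix2.so nullok use_authtok\n",
    "common-session": "session optional pam_mkhomedir.so\nsession required pam_limits.so\n"
                      "session required pam_unix2.so\n",
    "pam_unix2.conf": "auth: call_modules=winbind\naccount: call_modules=winbind\n"
                      "password: call_modules=winbind\nsession: none\n",
}

def expand(service, pam_dir, kind, seen=()):
    """Modules of one management group for a service, following 'include' (seen stops loops)."""
    mods = []
    lines = [] if service in seen else Path(pam_dir, service).read_text().splitlines()
    for f in (line.split("#", 1)[0].split() for line in lines):
        if len(f) >= 3 and f[0] == kind:  # assumes one-word control flags, as on this page
            mods += expand(f[2], pam_dir, kind, seen + (service,)) if f[1] == "include" else [f[2]]
    return mods

def unix2_calls(conf):
    """Map each group in pam_unix2.conf to the modules listed in call_modules=."""
    calls = {}
    for line in Path(conf).read_text().splitlines():
        kind, sep, opts = line.split("#", 1)[0].partition(":")
        if sep:
            calls[kind.strip()] = [m for o in opts.split() if o.startswith("call_modules=")
                                   for m in o.split("=", 1)[1].split(",")]
    return calls

def winbind_route(service, pam_dir, conf):
    """Per group: 'direct' (pam_winbind.so), 'via pam_unix2' (call_modules), or None."""
    calls, route = unix2_calls(conf), {}
    for kind in ("auth", "account", "password", "session"):
        mods = expand(service, pam_dir, kind)
        nested = "pam_unix2.so" in mods and "winbind" in calls.get(kind, [])
        route[kind] = "direct" if "pam_winbind.so" in mods else "via pam_unix2" if nested else None
    return route

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # write the sample files, then audit sshd
        for name, text in SAMPLE.items():
            Path(d, name).write_text(text)
        print(winbind_route("sshd", d, Path(d, "pam_unix2.conf")))
```
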
/etc/krb5.conf remains the same as on SLES 9.
/etc/samba/smb.conf can also remain the same as on SLES 9; the settings that matter there are realm and security.
To make sure Kerberos is working properly, type:
#kinit domainadministrator@AD.YOURDOMAIN.COM
Enter your administrator password if required.
How to Join AD Domain on Linux?
Type:
#net ads join -U domainadministrator
Domainadministrator's password:
Using short domain name -- AD
Joined 'AD.YOURDOMAIN.COM' to realm 'AD.YOURDOMAIN.COM'
You should now be connected to Microsoft AD. Check that you can retrieve the domain information with the following commands:
wbinfo -u (Lists all domain users)
wbinfo -g (Lists all domain groups)
Testing! Open a new PuTTY SSH session and log in with adyourdomain\youradusername and your password.
Note: Please make sure your winbind service is running (/etc/init.d/winbind start).
e.g. adserver01\yourusername
If you require sudo, type #visudo and insert:
%ADYOURDOMAIN\\adgroupnamehere ALL=(ALL) ALL
and save.
After logging in as a normal user, type #sudo su -
You are required to enter your password to gain root access.
Congratulations! You’re done!
Comments
4 Responses to “Using Active Directory for SuSE Linux 10 Authentication”
[...] SLES 10 Authentication Login Using Active Directory [...]
Thank you! I’m wanting to maybe use SLES 10 in my production environment and this is what I needed.
If you SSH login from one server to another server, you're required to type: “adyourdomainusername@ipaddress” OR ssh adyourdomain\username@ipaddress
SLES10 and Active Directory…
These notes are based on work around figuring out how to set up SLES10 to support AD, specifically for SMB shares on IMAGE21. Files touched: /etc/krb5.conf /etc/nsswitch.conf /etc/samba/smb.conf /etc/pam.d/commonpassword /etc/pam…….