  1. #1
    browolf

    adding 'nix box to domain

    been trying to get this and logging on with domain accounts working.
    managed to get it on the domain,
    kerberos works
    winbind works
    pam doesn't seem to work.

    i had it at the point where if i tried to use a domain account to login thru ssh, it just said access denied. I'm not sure where to find out what that means.

    unfortunately i fiddled with it some more and now i've locked myself out. if i use a domain account it says access denied and if i use my own debian account it mysteriously closes putty and the root account says access denied too.
    i was using the pam instructions on here, Howto: Ubuntu server as an Active Directory member server - Ubuntu Forums

    i've managed to get in with init=/bin/sh but not sure what to do now
    Last edited by browolf; 3rd December 2008 at 03:00 PM. Reason: typos

  2. #2

    Geoff
    You've broken the PAM configuration. I've read the instructions they've posted and they are correct. Thus re-read and follow through the "Configure PAM to use Winbind for workstations authentication" section and fix whatever you broke.

  3. #3
    browolf
    Originally Posted by Geoff:
    You've broken the PAM configuration. I've read the instructions they've posted and they are correct. Thus re-read and follow through the "Configure PAM to use Winbind for workstations authentication" section and fix whatever you broke.

    actually what i've done is, changed the settings to these settings
    Configure PAM

    and i can get back in again, cos i figured whatever me & those settings did they broke local logins. unexpectedly domain logins now work too! although that might have something to do with replacing ssh with ssh-krb5
    but now chdir to home directory doesn't work. there's always one more thing that's broke lol
    Last edited by browolf; 3rd December 2008 at 04:05 PM.

  4. #4


    unexpectedly domain logins now work too!
    congrats,

    A follow up question (and probably a rather noobish one considering I have 1600 accounts on a samba share!):
    I've been using domain logins for some time now, but my domain account doesn't have rights to things like cdrom because it isn't in the local cdrom group.
    How do I map AD groups to unix groups in samba?

  5. #5


    likewise-open

    Ubuntu now has likewise-open in the repos for 8.04 onwards. Takes all the hassle out of making ubuntu talk to windows:

    https://help.ubuntu.com/8.04/serverg...wise-open.html

  6. #6
    browolf
    it seems like cheating to use such things lol. anyway adding the computer to the domain I can manage. it's always pam i have trouble with.

    like i copied all the settings from the original debian virtual machine i had it working on to an ubuntu pc. does it work? does it buggery. every guide i look at on the net seems to have different settings...

  7. #7

    Geoff
    Originally Posted by CyberNerd:
    How do I map AD groups to unix groups in samba?
    Code:
    net groupmap add unixgroup=cdrom type=domain ntgroup="DOMAIN\Domain Users" comment="Allow Domain Users to use local CD drives."

  9. #8
    browolf
    Originally Posted by Marc:
    Ubuntu now has likewise-open in the repos for 8.04 onwards. Takes all the hassle out of making ubuntu talk to windows:

    https://help.ubuntu.com/8.04/serverg...wise-open.html
    so in the end i've tried this and it added to domain: success, login as domain user failed. still end up with no logon servers when i try to logon.

  10. #9


    Ah, just remembered....

    There's a bug with that package that means the likewise daemon does not get started at boot up...

    sudo update-rc.d likewise-open defaults

    That one got me too

  11. #10
    browolf
    hmm it said

    system startup links for /etc/init.d/likewise-open already exist

    it's funny when I logon with my account that also exists on the domain with the same pass i have to put in my password twice, then it says no logon servers then it lets me in. i can connect to shares on a windows server with my account.

    I don't really understand why it's this hard to make domain logins work....been trying for days with various different instructions.

    I can only imagine there's something wrong on the actual domain.

    now i remember why I despise gui-driven linux
    Last edited by browolf; 8th December 2008 at 02:19 PM.

  12. #11
    browolf
    tried again with different instructions. started afresh
    Aerospace Software Ltd.

    still got the same old login failure but the errors are here

    Code:
    Dec  9 15:55:10 ubuntu gdm[4922]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=ntstaff
    Dec  9 15:55:26 ubuntu gdm[4922]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=ACADEMIC+andy
    Dec  9 15:55:42 ubuntu gdm[4922]: pam_winbind(gdm:auth): getting password (0x00000000)
    Dec  9 15:55:47 ubuntu gdm[4922]: pam_winbind(gdm:auth): user 'mother' granted access
    Dec  9 15:55:47 ubuntu gdm[4922]: pam_unix(gdm:session): session opened for user mother by (uid=0)
    Dec  9 15:55:47 ubuntu gdm[4922]: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :0
    Dec  9 15:55:47 ubuntu gdm[4922]: gnome-keyring-daemon: couldn't lookup keyring component setting: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://www.gnome.org/projects/gconf/ for information. (Details -  1: Failed to get connection to session: dbus-launch failed to autolaunch D-Bus session: No protocol specified
    Dec  9 15:55:47 ubuntu gdm[4922]: Autolaunch error: X11 initialization failed.
    Dec  9 15:55:47 ubuntu gdm[4922]: )gnome-keyring-daemon: couldn't lookup ssh component setting: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://www.gnome.org/projects/gconf/ for information. (Details -  1: Failed to get connection to session: dbus-launch failed to autolaunch D-Bus session: No protocol specified
    Dec  9 15:55:47 ubuntu gdm[4922]: Autolaunch error: X11 initialization failed.
    Dec  9 15:55:47 ubuntu gdm[4922]: )gnome-keyring-daemon: couldn't lookup pkcs11 component setting: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://www.gnome.org/projects/gconf/ for information. (Details -  1: Failed to get connection to session: dbus-launch failed to autolaunch D-Bus session: No protocol specified
    Dec  9 15:55:47 ubuntu gdm[4922]: Autolaunch error: X11 initialization failed.
    Dec  9 15:55:48 ubuntu gdm[4922]: )

  13. #12

    Geoff
    Does a non-graphical login work?
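
Added example, not part of the thread: a small Python parser run over a trimmed copy of the gdm lines from post #11, separating PAM auth-stage results from what is logged after the session opens. It shows pam_winbind granting access to 'mother' with the X11 error arriving only afterwards; the regexes assume the message formats seen in those lines.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed copy of the gdm lines posted in #11.
SAMPLE = """\
Dec  9 15:55:10 ubuntu gdm[4922]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=ntstaff
Dec  9 15:55:26 ubuntu gdm[4922]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=ACADEMIC+andy
Dec  9 15:55:42 ubuntu gdm[4922]: pam_winbind(gdm:auth): getting password (0x00000000)
Dec  9 15:55:47 ubuntu gdm[4922]: pam_winbind(gdm:auth): user 'mother' granted access
Dec  9 15:55:47 ubuntu gdm[4922]: pam_unix(gdm:session): session opened for user mother by (uid=0)
Dec  9 15:55:47 ubuntu gdm[4922]: Autolaunch error: X11 initialization failed.
"""

PAM = re.compile(r"(?P<module>pam_\w+)\((?P<service>[\w-]+):(?P<stage>\w+)\): (?P<msg>.*)")
FAIL = re.compile(r"authentication failure;.*\buser=(?P<user>\S+)")
GRANT = re.compile(r"user '(?P<user>[^']+)' granted access")
OPEN = re.compile(r"session opened for user (?P<user>\S+)")

def summarize(text):
    """Return ({user: [(module, stage, outcome)]}, [non-PAM messages logged after a session opened])."""
    events, post_auth, session_open = defaultdict(list), [], False
    for line in text.splitlines():
        m = PAM.search(line)
        if not m:
            # Anything non-PAM after the session opened is a desktop/session problem, not auth.
            if session_open and line.strip():
                post_auth.append(line.split("]: ", 1)[-1])
            continue
        for rx, outcome in ((FAIL, "fail"), (GRANT, "grant"), (OPEN, "session_open")):
            hit = rx.search(m["msg"])
            if hit:
                events[hit["user"]].append((m["module"], m["stage"], outcome))
                session_open = session_open or outcome == "session_open"
    return dict(events), post_auth

def authenticated(events):
    """Users for whom some auth-stage module granted access."""
    return sorted(u for u, ev in events.items()
                  if any(stage == "auth" and out == "grant" for _, stage, out in ev))

if __name__ == "__main__":
    events, post_auth = summarize(SAMPLE)
    for user, ev in events.items():
        print(user, ev)
    print("authenticated:", authenticated(events))
    print("after session open:", post_auth)
```
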
