Difference between revisions of "Talk:Active Directory Integration"

From ArchWiki
Jump to: navigation, search
m (moved Talk:Arch Server and Active Directory to Talk:Active Directory Integration: Poor naming convention. There is no distinction of an "Arch Server". Additionally, the original document will be improved bsaed on suggestion)
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
I added a link to the aur package
+
This article was first published on Feb 6th, 2012 based on a previous wiki page called "Arch_Server_and_Active_Directory".
-[[User:Wsduvall|Wsduvall]]
+
  
----
+
When I follow these instructions, the pam configuration is way different, I end up having to guess that the instructions mean /etc/pam.d/system-auth. Additionally, since the ticket granting ticket expires and winbindd fails to renew it, and since the max lifetime is 7 days anyway, basically the system becomes unable to log in to after a restart. I end up having to mount the arch linux drive in another system, or boot from the install cd, and remove the references to winbind from /etc/nsswitch.conf before I can log into the system again after this happens. Also, testparm complains that idmap uid and idmap gid are deprecated, and that template primary group is an unknown parameter.
  
I checked this howto, and have some minor issues.
+
Perhaps someone who knows what the hell they're doing with Samba and Kerberos AD integration might want to update this documentation, because I don't know how to fix it, nor can I find any useful documentation in any of my Google searches. ([[User:Redscourge|Redscourge]] ([[User talk:Redscourge|talk]]) 20:42, 8 March 2013 (UTC))
 
+
- the pam configuration left me unable to login. You are well adviced to keep a backup, and check login inside an additional terminal session, before rebooting.
+
 
+
- I can check my ad accounts with kinit, and the result is they get locked. Therefore, my maschine has contact to the ad, adresses the right account, but the pasword that is delivered is somehow wrong. Maybe encrypted / unencrypted.
+
 
+
----
+
 
+
I needed to install pam_pwcheck, as this did not seem to be part of my Arch installation. [[User:Jchung|Jchung]] 17:10, 14 July 2009 (EDT)
+
 
+
I needed to install pam_pwcheck as well. Amending the article as needed. [[User:Calvariae|Calvariae]] 11:44, 23 June 2011
+

Revision as of 20:47, 8 March 2013

This article was first published on Feb 6th, 2012 based on a previous wiki page called "Arch_Server_and_Active_Directory".

When I follow these instructions, the pam configuration is way different, I end up having to guess that the instructions mean /etc/pam.d/system-auth. Additionally, since the ticket granting ticket expires and winbindd fails to renew it, and since the max lifetime is 7 days anyway, basically the system becomes unable to log in to after a restart. I end up having to mount the arch linux drive in another system, or boot from the install cd, and remove the references to winbind from /etc/nsswitch.conf before I can log into the system again after this happens. Also, testparm complains that idmap uid and idmap gid are deprecated, and that template primary group is an unknown parameter.

Perhaps someone who knows what the hell they're doing with Samba and Kerberos AD integration might want to update this documentation, because I don't know how to fix it, nor can I find any useful documentation in any of my Google searches. (Redscourge (talk) 20:42, 8 March 2013 (UTC))