Difference between revisions of "Talk:Active Directory Integration"

From ArchWiki
Jump to: navigation, search
 
(7 intermediate revisions by 6 users not shown)
Line 1: Line 1:
I checked this howto, and have some minor issues.
+
This article was first published on Feb 6th, 2012 based on a previous wiki page called "Arch_Server_and_Active_Directory".
  
- the pam configuration left me unable to login. You are well adviced to keep a backup, and check login inside an additional terminal session, before rebooting.
+
When I follow these instructions, the pam configuration is way different, I end up having to guess that the instructions mean /etc/pam.d/system-auth. Additionally, since the ticket granting ticket expires and winbindd fails to renew it, and since the max lifetime is 7 days anyway, basically the system becomes unable to log in to after a restart. I end up having to mount the arch linux drive in another system, or boot from the install cd, and remove the references to winbind from /etc/nsswitch.conf before I can log into the system again after this happens. Also, testparm complains that idmap uid and idmap gid are deprecated, and that template primary group is an unknown parameter.
  
- I can check my ad accounts with kinit, and the result is they get locked. Therefore, my maschine has contact to the ad, adresses the right account, but the pasword that is delivered is somehow wrong. Maybe encrypted / unencrypted.
+
Perhaps someone who knows what the hell they're doing with Samba and Kerberos AD integration might want to update this documentation, because I don't know how to fix it, nor can I find any useful documentation in any of my Google searches. ([[User:Redscourge|Redscourge]] ([[User talk:Redscourge|talk]]) 20:42, 8 March 2013 (UTC))

Revision as of 20:47, 8 March 2013

This article was first published on Feb 6th, 2012 based on a previous wiki page called "Arch_Server_and_Active_Directory".

When I follow these instructions, the pam configuration is way different, I end up having to guess that the instructions mean /etc/pam.d/system-auth. Additionally, since the ticket granting ticket expires and winbindd fails to renew it, and since the max lifetime is 7 days anyway, basically the system becomes unable to log in to after a restart. I end up having to mount the arch linux drive in another system, or boot from the install cd, and remove the references to winbind from /etc/nsswitch.conf before I can log into the system again after this happens. Also, testparm complains that idmap uid and idmap gid are deprecated, and that template primary group is an unknown parameter.

Perhaps someone who knows what the hell they're doing with Samba and Kerberos AD integration might want to update this documentation, because I don't know how to fix it, nor can I find any useful documentation in any of my Google searches. (Redscourge (talk) 20:42, 8 March 2013 (UTC))