Difference between revisions of "Talk:Active Directory Integration"

From ArchWiki
(6 intermediate revisions by 4 users not shown)
Line 1: Line 1:
I added a link to the aur package
+
This article was first published on Feb 6th, 2012 based on a previous wiki page called "Arch_Server_and_Active_Directory".
-[[User:Wsduvall|Wsduvall]]
+
  
----
+
When I follow these instructions, the pam configuration is way different, I end up having to guess that the instructions mean /etc/pam.d/system-auth. Additionally, since the ticket granting ticket expires and winbindd fails to renew it, and since the max lifetime is 7 days anyway, basically the system becomes unable to log in to after a restart. I end up having to mount the arch linux drive in another system, or boot from the install cd, and remove the references to winbind from /etc/nsswitch.conf before I can log into the system again after this happens. Also, testparm complains that idmap uid and idmap gid are deprecated, and that template primary group is an unknown parameter.
  
I checked this howto, and have some minor issues.
+
Perhaps someone who knows what the hell they're doing with Samba and Kerberos AD integration might want to update this documentation, because I don't know how to fix it, nor can I find any useful documentation in any of my Google searches. ([[User:Redscourge|Redscourge]] ([[User talk:Redscourge|talk]]) 20:42, 8 March 2013 (UTC))
  
- the pam configuration left me unable to login. You are well adviced to keep a backup, and check login inside an additional terminal session, before rebooting.
+
:I have found a forum post about this issue, located here: https://bbs.archlinux.org/viewtopic.php?pid=1265595 Also that was not enough by itself, I have made a few changes to my system-login to get sound and graphics (among other things) working (which you can find here: https://bbs.archlinux.org/viewtopic.php?id=162649) By using "idmap config * : range = 10000-33554431" or to control each domain "idmap config DOMAIN : range = 10000-33554431" syntax, you can resolve idmap uid/gid deprecated messages. I'm still stuck on offline logins though. If you follow the instructions, you won't be able to log in without a working AD connection. --[[User:Queljin|Queljin]] ([[User talk:Queljin|talk]]) 15:56, 15 May 2013 (UTC)
 
+
- I can check my ad accounts with kinit, and the result is they get locked. Therefore, my maschine has contact to the ad, adresses the right account, but the pasword that is delivered is somehow wrong. Maybe encrypted / unencrypted.
+
 
+
----
+
 
+
I needed to install pam_pwcheck, as this did not seem to be part of my Arch installation. [[User:Jchung|Jchung]] 17:10, 14 July 2009 (EDT)
+

Revision as of 11:17, 16 May 2013

This article was first published on Feb 6th, 2012 based on a previous wiki page called "Arch_Server_and_Active_Directory".

When I follow these instructions, the PAM configuration is way different; I end up having to guess that the instructions mean /etc/pam.d/system-auth. Additionally, since the ticket granting ticket expires and winbindd fails to renew it, and since the max lifetime is 7 days anyway, basically the system becomes unable to log in to after a restart. I end up having to mount the Arch Linux drive in another system, or boot from the install CD, and remove the references to winbind from /etc/nsswitch.conf before I can log into the system again after this happens. Also, testparm complains that idmap uid and idmap gid are deprecated, and that template primary group is an unknown parameter.

Perhaps someone who knows what the hell they're doing with Samba and Kerberos AD integration might want to update this documentation, because I don't know how to fix it, nor can I find any useful documentation in any of my Google searches. (Redscourge (talk) 20:42, 8 March 2013 (UTC))

I have found a forum post about this issue, located here: https://bbs.archlinux.org/viewtopic.php?pid=1265595 Also, that was not enough by itself; I have made a few changes to my system-login to get sound and graphics (among other things) working (which you can find here: https://bbs.archlinux.org/viewtopic.php?id=162649). By using the "idmap config * : range = 10000-33554431" syntax or, to control each domain, the "idmap config DOMAIN : range = 10000-33554431" syntax, you can resolve the idmap uid/gid deprecated messages. I'm still stuck on offline logins though. If you follow the instructions, you won't be able to log in without a working AD connection. --Queljin (talk) 15:56, 15 May 2013 (UTC)
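The smb.conf parameters discussed in the comments above can be checked before a reboot. The following is an added example, not part of the original discussion: a shell function that flags `idmap uid`, `idmap gid` and `template primary group` and confirms that an `idmap config <domain> : range` line is present. The function name, the `EXAMPLE` workgroup and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint smb.conf text (file argument or stdin) for the
# parameters this thread reports testparm complaining about.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
lint_smb_idmap() {
    awk '
        /^[ \t]*([#;]|$)/ { next }      # comments and blank lines
        /^[ \t]*\[/       { next }      # section headers
        {
            eq = index($0, "=")
            if (eq == 0) next
            # Parameter names are case-insensitive and whitespace inside
            # them is irrelevant, so normalise before comparing.
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)
            if (key == "idmapuid" || key == "idmapgid") {
                printf "line %d: deprecated, use \"idmap config * : range\"\n", NR
                bad++
            } else if (key == "templateprimarygroup") {
                printf "line %d: unknown parameter\n", NR
                bad++
            } else if (key ~ /^idmapconfig.+:range$/) {
                range++
            }
        }
        END {
            if (!range) { print "no idmap config <domain> : range line found"; bad++ }
            exit (bad > 0)
        }
    ' "$@"
}

# Constructed sample: the old-style settings that trigger the warnings.
sample_old_conf() {
    cat <<'EOF'
[global]
   workgroup = EXAMPLE
   security = ads
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template primary group = "Domain Users"
EOF
}

# Constructed sample: the replacement syntax quoted in the thread.
sample_new_conf() {
    printf '%s\n' '[global]' '   workgroup = EXAMPLE' '   security = ads' \
        '   idmap config * : range = 10000-33554431'
}
```

Run it as `lint_smb_idmap /etc/samba/smb.conf` in a second terminal session while an existing login is still open, so a bad configuration can be reverted without rescue media.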