Talk:Active Directory Integration

From ArchWiki
Revision as of 11:17, 16 May 2013 by Queljin (Talk | contribs)

Jump to: navigation, search

This article was first published on Feb 6th, 2012 based on a previous wiki page called "Arch_Server_and_Active_Directory".

When I follow these instructions, the pam configuration is way different, I end up having to guess that the instructions mean /etc/pam.d/system-auth. Additionally, since the ticket granting ticket expires and winbindd fails to renew it, and since the max lifetime is 7 days anyway, basically the system becomes unable to log in to after a restart. I end up having to mount the arch linux drive in another system, or boot from the install cd, and remove the references to winbind from /etc/nsswitch.conf before I can log into the system again after this happens. Also, testparm complains that idmap uid and idmap gid are deprecated, and that template primary group is an unknown parameter.

Perhaps someone who knows what the hell they're doing with Samba and Kerberos AD integration might want to update this documentation, because I don't know how to fix it, nor can I find any useful documentation in any of my Google searches. (Redscourge (talk) 20:42, 8 March 2013 (UTC))

I have found a forum post about this issue, located here: Also that was not enough by itself, I have made a few changes to my system-login to get sound and graphics (among other things) working (which you can find here: By using "idmap config * : range = 10000-33554431" or to control each domain "idmap config DOMAIN : range = 10000-33554431" syntax, you can resolve idmap uid/gid deprecated messages. I'm still stuck on offline logins though. If you follow the instructions, you won't be able to log in without a working AD connection. --Queljin (talk) 15:56, 15 May 2013 (UTC)