Quest of SUSE 10 with Server2k8 AD authentication

Danie Wessels Danie.Wessels at
Mon Feb 17 23:37:41 MST 2014

> OK. This is not going to get us anywhere with AD. I'm assuming again that your uid:gid numbers are stored in AD.
>  In this case, you will need to setup winbind as follows:
I will now look at this.

And you said for krb5.conf to try:
        default_realm = {Domain}
        dns_lookup_realm = false
        dns_lookup_kdc = true

Will do and report back.

>> What I need to know:
>> ====================
>> - *How to add (the proper/simple way) new users (like a user called enguser1) to this list (loginusers group on machine 1).* (This is a sublist of the AD users)
>>   - for interest sake. How does this authentication propagate to machine 2?
>>   I am at a loss to where I should add guid (or rids .. haha) or whatever.
>>   - I tried to just append enguser1 to the list in /etc/group. No luck.

> Unless you are the administrator you can't add users.
> Maybe you have an OU where you can?

I have access and may try only with permission from the powers that be.

> You will have to instruct the admin to add uidNumber and gidNumber to the DN of the users when they are created.

The users are already created on AD.
 - I want them on the loginusers group on machine1 - I think. (The loginusers group is only on machine 1.)
 - Just adding one did not work. Or I have to restart something?

> The admin probably uses ADUC to add the domain accounts so he should know about the Unix tab where he can add that information easily.

> Getting closer. Maybe a summary of:
> 1. What you have

Two VM machine copies of 2 physical machines that are connected to 2 domain controllers.
The PDC has 2 NICs and the DNS has a problem remembering the static IPs of the VMs.
 They try to revert every hour to the IPs of the physical machines, but I now have a script for that running every 5 minutes.

> 2. What state it is in

I, like the other users of the loginusers group, can log in with my username (as an AD user) via NX remotely to either machine 1 or 2 and work on the same home folder, which is the home folder on machine 1 NFS-shared and mounted on machine 2.
 Before DNS issues were addressed, this was no longer possible and in the process that I tried to follow I got stuck at the join fail - unaware of the DNS issues (and therefore also /etc/hosts change issues) - phew!

> 3. What you want to do next

I have to document how to add an existing AD user (let us say enguser1) to be able to login to either machine 1 or 2 and work on his home folder (which should be created upon first login), like myself and the other users which seem to be part of the loginusers group on machine 1.

> Remember, it's clear to you because it's real. For us, it's anything but!
You say that to me it's clear? Noooooo.... :^)

> Steve

Steve: I am not sure. Should I take this discussion off list? 
I initially did not expect this much noise on the list.
>> - What information would you need to debug this setup? 

>> Then the next step for me is to switch back to the VM for machine 2 and still have it working.
That is working now. Apart from the DNS issues I am not sure if I had some other setting wrong before I reverted back to the old smb.conf (shame).

Danie W
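The [libdefaults] settings Steve suggested and the question of whether enguser1 is actually visible to the machine can both be checked from the shell before reporting back. The script below is an added example, not something from this thread or from the Samba project: it reads the three keys out of a krb5.conf file and compares them with what was suggested, then (as a separate, optional step) asks NSS whether a given AD user resolves and which groups it is in. The realm EXAMPLE.COM, the user name and the temporary krb5.conf written here are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread or from Samba.
# Realm EXAMPLE.COM, user/group names and any file contents are placeholders.

# Print the value of KEY from the [libdefaults] section of krb5.conf FILE.
# Stops at the first match; prints nothing if the key is absent.
krb5_libdefault() {
    file=$1; key=$2
    awk -v key="$key" '
        /^[[:space:]]*\[/ {
            insec = ($0 ~ /^[[:space:]]*\[libdefaults\][[:space:]]*$/); next
        }
        insec {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$file"
}

# Compare krb5.conf FILE against the suggested values for REALM.
# Prints one line per problem; the return code is the number of problems.
check_krb5_conf() {
    file=$1; realm=$2; problems=0

    v=$(krb5_libdefault "$file" default_realm)
    if [ "$v" != "$realm" ]; then
        # Kerberos realm names are case-sensitive and conventionally upper-case,
        # so a lower-case domain name here is a common reason for a failed join.
        echo "default_realm is '$v', expected '$realm'"
        problems=$((problems + 1))
    fi

    v=$(krb5_libdefault "$file" dns_lookup_realm)
    if [ "$v" != "false" ]; then
        echo "dns_lookup_realm is '$v', expected 'false'"
        problems=$((problems + 1))
    fi

    v=$(krb5_libdefault "$file" dns_lookup_kdc)
    if [ "$v" != "true" ]; then
        echo "dns_lookup_kdc is '$v', expected 'true' (KDCs found via DNS SRV records)"
        problems=$((problems + 1))
    fi

    return $problems
}

# Optional live check: does the AD user resolve through NSS (winbind), and is
# GROUP among the groups NSS reports for it? Needs a joined, running machine,
# so it is not exercised by the self-test below.
check_ad_user() {
    user=$1; group=$2
    if ! getent passwd "$user" >/dev/null 2>&1; then
        echo "$user does not resolve via NSS; check nsswitch.conf, winbind, and that uidNumber/gidNumber are set in AD"
        return 1
    fi
    if id -nG "$user" | tr ' ' '\n' | grep -qx "$group"; then
        echo "$user is a member of $group as seen by NSS"
    else
        echo "$user resolves, but NSS does not list it in $group"
        return 1
    fi
}

# Usage on a real machine (not run here):
#   check_krb5_conf /etc/krb5.conf EXAMPLE.COM && check_ad_user enguser1 loginusers
```

Run the two checks in that order: if the krb5.conf check reports problems, the user lookup result is not meaningful yet, because winbind cannot talk to the domain until the realm and KDC settings are right.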

