[K12OSN] K12LTSP/Fedora Authentication against Windows ADS

Rob Owens hick518 at yahoo.com
Wed Apr 19 00:04:27 UTC 2006 

Paul,

Thanks so much for the tutorial.  I tried it and it
worked.  I've got a few comments/corrections, mostly
to keep from confusing novices:

Typo in "Step 1: authconfig, Part I", last sentence
before the screenshot.  Should be "This is how your
authconfig should *look*".

Confusion in "Step 1: authconfig, Part II", after the
screen shot.  The screenshot shows it correct, but the
description says to use the FQDN in the "ADS Realm"
field.  I'm not positive about the terminology, but I
don't think it's a FQDN if it doesn't have the machine
name (the screenshot only shows the domain portion of
the FQDN).

Correction in "What is skel and umask?", skel section.
 /etc/skel is not actually empty (at least on my
system), it contains hidden files.

Correction in "What is skel and umask?", umask
section.  umask=0077 gives read/write/execute to the
owner only, and no permissions to group or others.  By
the way, lots of writeups I've seen refer to "owner",
but the chmod man page refers to "user".  This caused
me a lot of confusion when I was new to Linux, because
I had it stuck in my head that "chmod o+rwx" would
give the *owner* read/write/execute permissions, but
it actually gives it to *other*.

Step missing? in "Step 4: Joining the ADS".  I
followed your tutorial and was able to get results
with wbinfo -u, wbinfo -g, and wbinfo -a, but I found
that I needed to reboot my machine before it would
accept a login from an Active Directory user.  (My
machine is running CentOS 4).  Did I do something
wrong?  Was there a service I should have restarted in
order to avoid the reboot?  (I did restart Winbind as
instructed).

Thank you very very much for posting this tutorial.  I
had been struggling with this issue for a few weeks
before you posted it.

Question:  If I use CentOS's nice "authentication"
GUI, what steps from your tutorial could I omit?  I'm
assuming the authconfig part wouldn't need to be done,
and maybe editing the pam.d files, but I'm not sure. 
The reason I ask is because I'd like to pass this info
on to somebody who still has a slight bias towards
GUI's.

Thanks again!

-Rob



--- Paul VanGundy <vangundypw at sau14.k12.nh.us> wrote:

> All,
>  
> I have had several request for the tutorial on how
> to authenticate
> K12LTSP/Fedore Core against a Windows Active
> Directory Server so I have
> uploaded it to the wiki.ltsp.org site. The tutorial
> can be viewed by
> clicking on the following link:
>  
>
http://wiki.ltsp.org/twiki/pub/Ltsp/Documentation/k12ltspandadsauthenticatio
> n.pdf
>  
> As usual, I welcome all comments, questions,
> concerns and frustrations. No
> personal problems accepted. ;) Hope this tutorial
> helps all who are
> interested!
>  
> -Paul
>  
> --
> Paul VanGundy
> Information Technology Director
> Epping High School
> Epping Middle School
> P: 603.679.5472
> F: 603.679.2966
> vangundypw at sau14.k12.nh.us
> Registered Linux User #398783
>  
> > _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the K12OSN mailing list