> I was wondering if I could somehow make my suse (10) authenticate
> versus my windows 2003 domain controller. I configured both ldap
> client and kerberos client in Yast2. Authentication works (the
> kerberos part).. but I still cannot log in because ldap isn't able to
> fetch user account information from my active directory which is
> because it's not using the kerberos credentials to establish a
> gssapi connection.
>
> So I set up shell/home information in /etc/passwd. No password.
> Passwords are still being retrieved from the domain controller via
> kerberos. Big surprise -> login works. If I now issue a ldapsearch
> with the filter it already tried before (but with no valid bind)
> "(&(objectclass=User)(msSFU30Name=testuser))" it starts a SASL/GSSAPI
> authentication and successfully fetches the needed information. Why
> doesn't ldap use gssapi on logins then.. or where can I tell it to use
> it? Couldn't find any suitable option in Yast nor the config files
> themselves.

I don't know about doing this with ldap directly, but if you have Kerberos working and you've successfully joined your computer to the domain, you're really close. Let's test to make sure. Do the following as root from the command line:

To test Kerberos:

    kinit administrator

The above command will prompt for a password. Enter the password of your 2K3 domain administrator. If you have renamed your domain administrator account, use the name instead with the kinit command. If you receive no errors, Kerberos is working.

To test winbind:

    wbinfo -g

The above command should give you a list of groups in your Active Directory. Try it with the -u switch to see a list of users.

Let us know what your results are and we can help you further.

Cheers,
Daniel
