I want to authenticate via Active Directory on a CentOS 6.4 server.
wbinfo -u and wbinfo -g display the domain users/groups. Authentication via wbinfo -a DOMAIN+user works. Authentication via kinit user works.
But for some reason, getent passwd and getent group only display local users/groups. I have found a lot of forum posts about this topic, but none provided a working solution.
Here is my /etc/samba/smb.conf:
[global]
workgroup = DOMAIN
realm = DOMAIN.LOCAL
security = ADS
max log size = 50
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config DOMAIN : schema_mode = rfc2307
idmap config DOMAIN : range = 10000000-29999999
idmap config DOMAIN : default = yes
idmap config DOMAIN : backend = ad
idmap config * : range = 20000-29999
idmap config * : backend = tdb
/etc/krb5.conf:
[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
DOMAIN.LOCAL = {
kdc = ADSERVER.DOMAIN.LOCAL
admin_server = ADSERVER.DOMAIN.LOCAL
}
/etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
The AD server runs Windows Small Business Server 2008.
What additional configuration on the AD server? – AWippler – 2014-05-08T16:31:08.067
@AWippler I am not sure because it wasn't what I needed anyway; this might help: https://www.samba.org/samba/docs/man/manpages/idmap_ad.8.html – jgillich – 2014-05-08T18:24:25.977
My time sync was off. That is why I was having the same issue you were. – AWippler – 2014-05-08T18:26:21.840