I found the following URLs to be very helpful in joining Linux systems
to our Windows 2003 AD domain:

http://www.planetmy.com/blog/?p=248
http://blogs.sun.com/tkblog/entry/integrating_linux_with_active_director
y

Andrew Philipoff
Programmer Analyst
Information Technology Services
Department of Medicine
University of California, San Francisco
Phone: 415-476-1344
Help Desk: 415-476-6827


-----Original Message-----
From: rhelv5-list-bounces@(protected)
[mailto:rhelv5-list-bounces@(protected)
[MindWorks]
Sent: Tuesday, January 29, 2008 9:17 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] Red Hat Server user authentication
againstWindowsdomain.

Make sure you have the latest krb5 libs installed, too... there have
been some recent fixes related to talking to a Windows domain.

Kevin

-----Original Message-----
From: rhelv5-list-bounces@(protected)
[mailto:rhelv5-list-bounces@(protected)
Sent: Tuesday, January 29, 2008 8:46 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] Red Hat Server user authentication against
Windowsdomain.

Marthinus wrote:
> We have a Windows Small Business Server 2003 which our windows
> workstations authenticate against.
>
> I would like to configure our Red Hat Servers to also authenticate the
> users against the Small Business Server domain using their domain
logons.
>
> I was thinking about using LDAP to retrieve the user's information and
> Kerberos for the user authentication since it seems to be better
suited
> than LDAP for authentication.
>
> I have tried to set it up on a test machine but have failed to get it
> working.
>
> Which of these would be the best for retrieving the user information?
> LDAP, Winbind
>
> Which of these would be the best for the user authentication?
> Kerberos, LDAP, SMB, Winbind
>
> What would the configuration files look like or what entries should I
> check for?
>
> Any help on this will be appreciated as I have very little experience
> regarding shared logons.
>
> Thanks in advance.
>  
Try one at a time.

for example, try kerberos first. tweak your /etc/krb5.conf file to point
to the AD/SBS as the KDC and see if you can "kinit user@(protected)
run "klist" to see if you got tickets.

You may need to check the box for DES encryption for user in Active
Directory.

I recommend "Kerberos: The definitive guide" from O'reilly. It talks
about having unix talk to windows using kerberos and vice versa.

You might also try the kerberos mailing list at
https://mailman.mit.edu/mailman/listinfo/kerberos

Sincerely,
Jason

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list


_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list