On Mon, Sep 23, 2002 at 12:21:57PM -0500, Furnish, Trever G wrote:

> Were you following instructions that told you to take those steps?  If so,
> where are those instructions so we can start from the same page.

Actually, I was not following any web page. I had been fiddling with several
methods of authenticating RH linux against windows NT/2000 servers when I
checked the actual contents of /etc/pam.d/system-auth and found this notice
at the top of the file:

[jgostlin@jgostling pam.d]$ more system-auth 
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

So, I ran authconfig and found the relevant options.

> I'd like to do the same thing...well, sort of... but I got lucky for now
> because the active directory domain I'm authenticating into is still
> providing a PDC emulator for older (non-win2k) systems.  Thus the
> authentication I'm doing against AD is actually not using kerberos at all.

Never mind about it. My servers are Win2K in native mode. The step by step
process I used is the following:

1. Run authconfig (asks for root password, so make sure you are connected on
a secure line, like ssh or a vpn).
2. On the first page, make sure that no check boxes are checked (I might
change this advice regarding the "Cache Information" entry once I play more
with this beast).
3. Punch the "Next" button.
4. You probably already have "Use Shadow Passwords" and "Use MD5 Passwords"
checked from installation. Now check "Use SMB Authentication" and uncheck
"Use LDAP Authentication" and "Use Kerberos Authentication".
5. Fill your Workgroup/Domain name and your authentication server(s) (up to
two servers AFAIK).
6. Punch the "Ok" button.
7. Create local accounts with the same username as the windows accounts.
Leave the password field in /etc/shadow with an invalid entry (!!).
8. Test logging in on a second connection (or console).

You may have to change this a bit, since I did it on a 7.3 box and you have
a 7.2 system. Please let me know if you run into any problems, because I
have to set this up in some production boxes soon, and those are 7.2.

Cheers,
-- 
Javier Gostling
Ingeniero de Sistemas
Virtualia S.A.
[EMAIL PROTECTED]
Fono: +56 (2) 202-6264 x 130
Fax: +56 (2) 342-8763

Av. Kennedy 5757, of 1502
Las Condes
Santiago
Chile
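
Added example, not part of the original message: a shell check for step 7 of the procedure above, confirming that each account meant to authenticate via SMB exists locally and has an invalid password field in the shadow file, so no local password is left as a second way in. The function name check_smb_accounts and the sample accounts are constructed for illustration; on a real host, pass /etc/shadow (as root) and your own user list.

```shell
#!/bin/sh
# check_smb_accounts SHADOW_FILE USER...
# Prints "<user> <state>" for each user, where state is one of:
#   ok              password field starts with ! or * (no password can match)
#   local-password  a usable local hash is still present
#   empty-password  password field is empty
#   missing         no local account (step 7 was not done for this user)
# Returns 0 only if every user is "ok".
check_smb_accounts() {
    shadow_file=$1; shift
    rc=0
    for user in "$@"; do
        # Field 2 of a shadow(5) entry holds the password hash.
        state=$(awk -F: -v u="$user" '
            $1 == u {
                found = 1
                if ($2 == "")          print "empty-password"
                else if ($2 ~ /^[!*]/) print "ok"
                else                   print "local-password"
                exit
            }
            END { if (!found) print "missing" }' "$shadow_file")
        echo "$user $state"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample in shadow(5) format; not data from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:!!:11953:0:99999:7:::
bob:$1$abcdefgh$0123456789abcdefghijkl:11953:0:99999:7:::
carol::11953:0:99999:7:::
EOF
check_smb_accounts "$sample" alice bob carol dave \
    || echo "accounts not marked ok need attention"
rm -f "$sample"
```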
