Hi Andrew, did you put the following in nsswitch.conf:
passwd: files ad group: files ad having joined to my samba4 AD controller ssh login works using putty and GSSAPI login (Kerberos token from AD login) using my windows user name - which has to exist in passwd or you use ldap client bindings to retrieve shell and so on. HTH, Marc On 17.09.2014, at 08:30, Predrag Zecevic [Unix Systems Administrator] <[email protected]> wrote: > Hi Martin, > > I guess that LDAP/Kerberos authentication depends on PAM setup, so take a > look (me, personally never used it on OI as server). > > HTH, > Regards > Predrag Zečević > > On 09/16/14 11:44 PM, Andrew Martin wrote: >> Hello, >> >> I have been attempting to follow this guide for setting up Active Directory >> authentication on OpenIndiana using LDAP+Kerberos: >> http://wiki.openindiana.org/oi/Kerberos+and+LDAP >> >> Note that this connecting to a Samba 4 Active Directory server. >> >> I am able to successfully view AD users via "getent passwd" and other tools >> that >> utilize the nsswitch hooks, however AD users are unable to login to the >> OpenIndiana server. I have read in a few places that the unixUserPassword >> field >> may be used for this purpose, however the above guide specifically instructs >> you >> to disable the "Password Sync" Windows component. Here's some more >> information >> on this field: >> http://blogs.technet.com/b/sfu/archive/2010/01/08/using-unixuserpassword-attribute-properly.aspx >> >> How does the LDAP+Kerberos method authenticate a user's password? What else >> can >> I do to debug this setup? I do not see any authentication errors in /var/log. >> >> Thanks, >> >> Andrew Martin >> >> _______________________________________________ >> openindiana-discuss mailing list >> [email protected] >> http://openindiana.org/mailman/listinfo/openindiana-discuss >> > > -- > Predrag Zečević, Technical Support Analyst, 2e Systems GmbH > > Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894 > Mobile: +49 174 3109 288, Skype: predrag.zecevic > E-mail: [email protected] > > Headquarter: 2e Systems GmbH, Königsteiner Str. 87, > 65812 Bad Soden am Taunus, Germany > Company registration: Amtsgericht Königstein (Germany), HRB 7303 > Managing director: Phil Douglas > > http://www.2e-systems.com/ - Making your business fly! > > [***]===--- > "Necessity is the mother of invention" is a silly proverb. "Necessity is the > mother of futile dodges" is much nearer the truth. -- Alfred North Whitehead > > _______________________________________________ > openindiana-discuss mailing list > [email protected] > http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ openindiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
