Author Topic: How using local and domain users authentication ??  (Read 3170 times)

^^Fenix^^

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
How using local and domain users authentication ??
« on: November 24, 2010, 02:16:35 am »
Hi,

 How can I configure my ubuntu client to be able to authenticate with both local and domain users?
A friend me said to put this configuration in /etc/nsswitch.conf:
passwd: files compat winbind
shadow: files compat winbind
group:    files compat winbind

 
 But when I try with local user ( root or common user ) a message is shown: "Module is Unknown"
I am using Zentyal 2.02 version.

Thanks

^^Fenix^^

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: How using local and domain users authentication ??
« Reply #1 on: November 26, 2010, 12:06:21 am »
No one ?

bamalam

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: How using local and domain users authentication ??
« Reply #2 on: November 27, 2010, 01:39:02 am »
I am trying to do the same thing. When I have found a solution I'll post it here as a reply to your question. However outlined below is some of my thoughts on how to solve the problem - people, please correct me if I am wrong.

The configuration changes you outlined seem to refer to winbind which is a method to bind user information as if you were talking to a Windows server. Samba provides the Linux file/printer sharing for Windows PCs but authentication (users and passwords) is separate and is usually handled by an LDAP server. This is the way it is in Zentyal so winbind may not be good way to go especially as it does not seem to have the relevant module installed on your system (if it is available at all on Ubuntu). So what we should want to do for a linux client is login using LDAP but also have access to the file shares created for use by Windows PCs.

I've never done something like this before but I can see that the LDAP server is listening on the ldaps port (636) of my Zentyal server so we should be able to use an authentication module that makes use of LDAP to authenticate from the server.

This will probably require the use of LDAP authentication module (probably libpam-ldap) configured to work with the login manager - usually gdm with Ubuntu. I presume we're going to have to modify configurations in /etc to point at the Zentyal server or can it automatically poll for available authentication servers?

Don't forget that our network interface will have to be connected automatically before logging on as a user. This could be tricky for wireless connections as they usually have a password that is associated with a user. Should be possible using configuration files in /etc to have a network available.

bamalam

rtechie

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: How using local and domain users authentication ??
« Reply #3 on: February 19, 2011, 01:05:12 am »
The solution is much more complicated.

As the other poster mentioned you have to configure pam_ldap and winbind on the client. This involves editing a bunch of config files on the clients.

Assuming you have a real Windows Server Active Directory server that you are authenticating against, I strongly recommend Likewise Open which is MUCH easier to use than winbind.