All Questions
Tagged with active-directory linux
340 questions
0 votes, 0 answers, 44 views
Authenticate users from Windows AD trusted domain "test.com", by Windows AD trusting domain "test-dmz.com" (outgoing trust), on Linux client by SSSD
I have a primary Windows AD domain "test.com" and another Windows AD domain "test-dmz.com" for machines in a secure network and configured an outgoing trust to "test.com"....
0 votes, 1 answer, 116 views
Kerberos forwarding with hosts not in KDC
My org is running Active Directory which uses Kerberos for authentication. I have a group of Linux computers that are not permitted to be joined to AD. For user authentication, I set up Kerberos and ...
1 vote, 1 answer, 3k views
SSSD failing to start
I have installed SSSD in SUSE Linux for managing AD access. But for some reason, SSSD is not starting after joining to AD.
I have gone through almost every piece of documentation available.
Can ...
1 vote, 0 answers, 293 views
adcli - How to join domain with hostname longer than 20 characters?
I'm trying to join my domain, but the server joining has a hostname longer than 20 characters which apparently is too long for the samAccountName-parameter in AD. The join request itself uses adcli to ...
0 votes, 1 answer, 614 views
Cross-realm Kerberos/SPNEGO configuration with multiple domain controllers and multiple application servers
I am currently struggling to scale my one-to-one simple Kerberos/SPNEGO configuration for multi-server environment and looking for some help.
Let's say
I have two Active Directory domains and two ...
0 votes, 2 answers, 137 views
Using Active Directory only for authenticating logins
Unlike: Linux + Active directory authentication + only letting certain groups login
Which is a full AD solution for Linux, limited to groups.
What I want is:
A simple way a random internal Linux box ...
0 votes, 1 answer, 197 views
AD Domain joined linux server equivalent of NLA
First, some background.
Today, if you're in a mostly-Windows Server AD environment with just a small number of linux servers, you have a choice for authenticating to the servers via SSH:
Manage the ...
0 votes, 0 answers, 1k views
Linux login from Active Directory domain with two-way trust
I don't have much experience in linux tools for infrastructure and authentication with Active Directory.
I'm configuring authentication to AD on Ubuntu 22.04. The structure we use is as follows:
we ...
0 votes, 1 answer, 1k views
Is there any working Apache module to implement NTLM on Ubuntu Server
I am trying to configure NTLM authentication for an internal site running on Apache/Ubuntu Jammy. I was able to implement LDAP authentication. Still, I want to make the login/auth process smooth as ...
3 votes, 1 answer, 1k views
Cross domain authentication with transitive forest trust for linux
I have two domains -- one for dev and one for corp.
I can join a Windows machine to the dev domain and login as a corp user because of the transitive forest trust. I can join a Linux machine to the ...
0 votes, 1 answer, 1k views
Domain user directory being created as /home/username@domain instead of /home/username
I am using an Amazon Linux 2023 box and I joined the instance to the domain using realmd.
The issue is that when I try to log in with my AD credentials, the user directory is being created as /home/...
0 votes, 1 answer, 760 views
LDAP users to share a single SFTP folder on Linux
I need to set up a file transfer Linux server. All users log in via SFTP using Active Directory credentials.
I want all users, when logged in, to see a single directory /ftp-storage
In the /ftp-storage ...
0 votes, 1 answer, 425 views
Linux, Basic password authentication against 2 different AD without joining domain
We have AIX and Linux servers running with basic password authentication against a Windows AD using Kerberos, so they are local users with a username identical to their sAMAccountName in the AD and all ...
0 votes, 1 answer, 1k views
Filter groups that SSSD receives from AD server
We've got two Ubuntu 22.04 servers that use Kerberos and SSSD to authenticate users against an AD server. This works great.
The servers also have a GlusterFS volume that holds the user's home ...
1 vote, 1 answer, 1k views
Get the SID of a Linux computer joined to a windows AD domain
With realmd you can integrate Linux servers into AD much easier. It sets up SSSD and Kerberos locally, and it creates all of the necessary objects in AD.
Now I search for a command I can run on the ...
0 votes, 1 answer, 3k views
Ubuntu 20.04 refuses to sync time with Windows AD, how to troubleshoot?
I am trying to sync a Ubuntu 20.04 client to a Windows AD time server. But time will never sync. Here is what I know so far:
Windows server is listening on port 123 for NTP, and replies to requests.
...
-1 votes, 1 answer, 40 views
How should I design my 'public' network of a project?
I'm thinking about doing some online projects as a Developer/IT Technician, and I have some concerns regarding security.
I'm unable to host my servers locally for my project and I thought why not to ...
0 votes, 1 answer, 711 views
Samba Winbind - Windows Server AD - Users are able to see each other's home directories
I'm running AlmaLinux and Samba Winbind joined into Windows Server 2019 AD. The domain users have home directories and a pccommon directory (shared folder).
When I create a new domain user in the ...
0 votes, 0 answers, 363 views
Active Directory User Accounts not loading environment variables from /etc/profile and /etc/bashrc
I have Rocky Linux 8.6 server that is joined to Active Directory and I can login to it with AD accounts. I have also mounted a NFS drive to the server. The home directories for AD accounts have been ...
2 votes, 0 answers, 531 views
Using Linux tools to allow a user in a domain to access only certain computers
I ran samba-ad-dc domain controller on Debian Bullseye. No problem to create users and groups, organizational units, etc and to join windows or Linux computers to domain. But there is other task: On ...
0 votes, 2 answers, 2k views
windows client can't join samba domain anymore [closed]
DISCLAIMER:
I'm still trying to fully learn and understand how to properly maintain a Samba domain controller.
The Problem:
I had a working Samba installation with AD controller but now, just a month ...
0 votes, 1 answer, 492 views
Access kerberized resources from cron job using a keytab
I'm on Ubuntu 22.04 which is joined to an Active Directory 2016 by sssd. I have access to several network resources through Kerberos: file shares, Oracle and Postgres databases. All is good. But I ...
0 votes, 1 answer, 2k views
Linux AD - Machine Account Name not updating on Domain Controller when Changing Hostname
I have some Alma 8 boxes which are integrated into Windows Active Directory (2012 R2) for user authentication using SSSD, using net ad (as opposed to realmd) for the domain join, for historic reasons. ...
3 votes, 0 answers, 3k views
adcli update does not save Kerberos ticket with new kvno
New Kerberos ticket of computer account is found by adcli update but not saved in keytab file.
adcli update --domain=example.org -v
The output "Retrieved kvno '4' for computer account" ...
0 votes, 1 answer, 1k views
What is missing from sssd.conf so that linux UID isn't being copied into AD user's uid attribute?
SSSD 1.16.5, centos 7
For domain joined Linux systems, I have to manually set their uidNumber or uid AD attribute to their Linux UID so that users can write on world-writable NFS shares.
uid/uidNumber ...
0 votes, 1 answer, 84 views
Windows users can create files in world-writable Qumulo NFS share but Linux users can't
I have a Windows domain and a domain joined Windows client and a domain joined SSSD Linux client
The Qumulo storage array is serving a share I'm looking at here and contains mostly world writable ...
0 votes, 1 answer, 819 views
Apache - Active Directory LDAP authorization
I'm running Apache 2.4 on Fedora 34.
I've configured user authorization based on Active Directory usernames and passwords with "ldap_module" and "authnz_ldap_module" and this entry ...
0 votes, 1 answer, 2k views
Nested AD group is not respected with SSSD
I have a domain joined server, configured with sssd.
In sssd.conf I use
ad_access_filter = (memberof=CN=CustomGroup,OU=Security Group,DC=company,DC=com)
This works well for users in CustomGroup but ...
0 votes, 1 answer, 445 views
Active Directory integration with Linux File System using Python
We have an Active Directory setup. We have a bunch of Linux servers where we create a folders/directory where we need to give only Users in specific AD groups permissions.
How do we create directories ...
0 votes, 0 answers, 192 views
Getting principal from AD on a linux machine
When a Linux client has joined (free)Ipa, for example, the user can run an ipa-getkeytab command to get a keytab for a principal.
Is there something equivalent for a Linux client that is AD-joined?
1 vote, 2 answers, 4k views
Issues while adding CentOS EC2 to Windows AD
I am trying to add my CentOS EC2 machine to Windows AD.
My Windows Active Directory is configured on EC2 Instance in another account. There are two AD Instances (Multi-AZ) that are configured and ...
1 vote, 0 answers, 3k views
Submitting CSR to Microsoft CA from linux bash best practice
Similar questions:
https://stackoverflow.com/questions/31283476/submitting-base64-csr-to-a-microsoft-ca-via-curl
The link above presents an answer but it is far too complicated for me.
Below is an ...
2 votes, 2 answers, 2k views
Linux workstations only authenticate on one domain controller
I have 3 domain controllers
192.168.1.6 Server 2016 [PDC equivalent] Site 1
192.168.1.7 Server 2016 Site 1
192.168.31.10 Server 2016 Site 2
and a mix ...
1 vote, 1 answer, 361 views
Is it possible to set up an alias on an Active Directory domain controller Linux server? [closed]
We have a Red Hat Enterprise based Linux distro that is the domain controller for a bunch of Win 10 clients. Some clients are not in the right AD domain (they are on a former domain that was used ...
0 votes, 1 answer, 3k views
Using AD server as NTP server for non-windows hosts (rhel hosts). ntpstat continues to state unsynchronized but ntpdate works. Is this possible?
We currently have an AD server that we are using as a time source.
Our AD server is setup to host time locally and the windows domain clients sync up to this machine fine. We have the firewall ...
2 votes, 2 answers, 7k views
Point Realm Join command to a specific Active Directory Server under a local domain on a Linux Machine
Not sure if my title is confusing but, just wondering is there a way to point Realm Join command to a specific SRV Active Directory server that is a member ex. of mycompany.local domain?
Here's my ...
4 votes, 1 answer, 31k views
No write permission on mounted CIFS drive
I'm on a Linux machine trying to mount an SMB share inside a big network via my Active Directory username:
mount -t cifs -o username=myuser,domain=mydomain //server/share /mount/path
After the ...
0 votes, 0 answers, 2k views
OEL 8.3 SSSD AD Login issue
I am running Oracle Enterprise LINUX 8.3 . I am able to join my AD domain with an admin account but when I try to login to the server using the same credentials that I used to join the server to the ...
0 votes, 0 answers, 388 views
Vpn . Nps . Active directory . Strongswan ikev2
Please help me
I configured a strongSwan IKEv2 on a CentOS 7 VPS
and NPS and Active Directory for my authentication and accounting (RADIUS) on a Windows Server 2016 VPS
When I want to connect to my IKEv2 ...
0 votes, 0 answers, 2k views
Ubuntu joining windows active directory issues
I'm new to trying to get Linux on Active Directory.
I got the Linux PC to join the domain; on the controller, under Computers, the Linux PC is listed with my other Windows machines.
But on the Linux PC I ...
1 vote, 0 answers, 873 views
Mounting Windows shares on Linux using cifs fails after CVE-2020-1472 update
A patch/update to Windows domain controllers to address the CVE-2020-1472 vulnerability at my organization is causing cifs-based mounting of shared drives to fail on Ubuntu Linux machines.
The Linux ...
2 votes, 0 answers, 139 views
AD group membership isn't always reflected
I have a problem regarding AD group membership not being always reflected on a Linux machine.
I have joined several CentOS 7.8 machines in my AD, based on Samba and Winbind. After the join, those ...
0 votes, 1 answer, 4k views
Why am I getting the kerberos error "Failed to decrypt AP-REQ ticket"?
I'm trying to get SASL + OpenLDAP working over saslauthd to AD via kerberos. I've fired up saslauthd in debug mode and getting the error below in the trace log when I try to su to the LDAP account ...
1 vote, 1 answer, 619 views
Joining samba server into windows AD domain, but in DNS subdomain
We have a windows AD domain, let's say EXAMPLE.COM.
With corresponding DNS domain example.com
I want to have just a normal domain member. Ubuntu 20.04, Samba 4.11.6.
Its DNS name is already ...
0 votes, 1 answer, 411 views
How can I disable users in "domain admins" group from running sudo?
Hi we have a large company and have some Domain Admins who belong to the
id myadminuser
groups=101010(domain admins),
"domain admins" group.
I was surprised by default that the sudoers %...
0 votes, 0 answers, 1k views
CentOS sssd: How to allow specific AD security group with space in the name to login while deny everything else?
People,
In CentOS v8 sssd: How to allow specific AD security group with space in the name to log in while denying everything else?
The AD security group is Domain Admins
I have tested the id but ...
0 votes, 1 answer, 2k views
how do I change realm login format in sssd?
I'm trying to figure out how to change my realm login format to allow for lowercase but currently it just seems to work with uppercase?
realm list
domain
type: kerberos
realm-name: domain
domain-...
0 votes, 2 answers, 375 views
How to have only one login for multiple websites on the same linux machine?
I'm having multiple websites (like mediawiki, gitea and kanboard) and I'm thinking about making the login the same on all services.
But how do I do that?
I looked at AD but I read that it's Windows ...
2 votes, 1 answer, 3k views
New users unable to ssh or su
All of a sudden, new users cannot ssh into our ubuntu servers. When attempting, the connection will just close. I tried doing an su with my test user who has never logged into the server before and I ...
0 votes, 1 answer, 607 views
Windows domain joined Linux server tries to authenticate to multiple AD controllers
I have set up a Debian server and let it join our domain.
Our company has multiple domain controllers around Europe.
I have installed Winbind, Samba, Kerberos5, PAM and OpenSSL on this machine.
...