Hello,
I've configured my fedora installation for authentication against the local ads. It works fine on the command line
i've installed the following packages : sssd oddjob oddjob-mkhomedir adcli samba-common samba-winbind-clients krb5-workstation
I checked if the realm could be found realm discover -v <realm>
Which yielded the correct info
then joined the realm with : realm join -v -U<adminaccount> --client-software=sssd <realm> The realm join with realms worked fine
getent passwd <realm><user>
yields the proper information
kinit <user>@<realm>
also works
however, I can't seem to login to the domain using the kde login screen.
Does anybody have any ideas ?
And for bonus points, how to tell kde to show an extra field for the domain name on the login screen. (now it shows a field for login and one for password, I know it's possible to show a third for the domain, but don't know how)
Cheers Rob
On 09/13/2013 07:42 AM, Rob Verduijn wrote:
Hello,
I've configured my fedora installation for authentication against the local ads. It works fine on the command line
i've installed the following packages : sssd oddjob oddjob-mkhomedir adcli samba-common samba-winbind-clients krb5-workstation
I checked if the realm could be found realm discover -v <realm>
Which yielded the correct info
then joined the realm with : realm join -v -U<adminaccount> --client-software=sssd <realm> The realm join with realms worked fine
getent passwd <realm><user>
yields the proper information
kinit <user>@<realm>
also works
however, I can't seem to login to the domain using the kde login screen.
Can you login at the console?
ALT-F2, login there.
I suspect not, but it might give you more information that way.
-- rex
Hi,
nope
not at the console nor at the kde-login
I've been trying all kinds of logins
user user@EXAMPLE.DOMAIN user@example.domain EXAMPLE.DOMAIN/user EXAMPLE.DOMAIN//user example.domain/user example.domain//user EXAMPLE.DOMAIN\USER EXAMPLE.DOMAIN\USER
all fail
Rob
2013/9/13 Rex Dieter rdieter@fedoraproject.org:
On 09/13/2013 07:42 AM, Rob Verduijn wrote:
Hello,
I've configured my fedora installation for authentication against the local ads. It works fine on the command line
i've installed the following packages : sssd oddjob oddjob-mkhomedir adcli samba-common samba-winbind-clients krb5-workstation
I checked if the realm could be found realm discover -v <realm>
Which yielded the correct info
then joined the realm with : realm join -v -U<adminaccount> --client-software=sssd <realm> The realm join with realms worked fine
getent passwd <realm><user>
yields the proper information
kinit <user>@<realm>
also works
however, I can't seem to login to the domain using the kde login screen.
Can you login at the console?
ALT-F2, login there.
I suspect not, but it might give you more information that way.
-- rex
kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
On Friday, September 13, 2013 03:29:30 PM Rob Verduijn wrote:
Hi,
nope
not at the console nor at the kde-login
I've been trying all kinds of logins
user user@EXAMPLE.DOMAIN user@example.domain EXAMPLE.DOMAIN/user EXAMPLE.DOMAIN//user example.domain/user example.domain//user EXAMPLE.DOMAIN\USER EXAMPLE.DOMAIN\USER
all fail
Rob
Have you tried user\example.domain?
2013/9/13 Rex Dieter rdieter@fedoraproject.org:
On 09/13/2013 07:42 AM, Rob Verduijn wrote:
Hello,
I've configured my fedora installation for authentication against the local ads. It works fine on the command line
i've installed the following packages : sssd oddjob oddjob-mkhomedir adcli samba-common samba-winbind-clients krb5-workstation
I checked if the realm could be found realm discover -v <realm>
Which yielded the correct info
then joined the realm with : realm join -v -U<adminaccount> --client-software=sssd <realm> The realm join with realms worked fine
getent passwd <realm><user>
yields the proper information
kinit <user>@<realm>
also works
however, I can't seem to login to the domain using the kde login screen.
Can you login at the console?
ALT-F2, login there.
I suspect not, but it might give you more information that way.
-- rex
kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
user\example.domain is new for me. it did not work.
Rob
2013/9/13 Lester M. Petrie Jr. petrielmjr@ornl.gov:
On Friday, September 13, 2013 03:29:30 PM Rob Verduijn wrote:
Hi,
nope
not at the console nor at the kde-login
I've been trying all kinds of logins
user user@EXAMPLE.DOMAIN user@example.domain EXAMPLE.DOMAIN/user EXAMPLE.DOMAIN//user example.domain/user example.domain//user EXAMPLE.DOMAIN\USER EXAMPLE.DOMAIN\USER
all fail
Rob
Have you tried user\example.domain?
2013/9/13 Rex Dieter rdieter@fedoraproject.org:
On 09/13/2013 07:42 AM, Rob Verduijn wrote:
Hello,
I've configured my fedora installation for authentication against the local ads. It works fine on the command line
i've installed the following packages : sssd oddjob oddjob-mkhomedir adcli samba-common samba-winbind-clients krb5-workstation
I checked if the realm could be found realm discover -v <realm>
Which yielded the correct info
then joined the realm with : realm join -v -U<adminaccount> --client-software=sssd <realm> The realm join with realms worked fine
getent passwd <realm><user>
yields the proper information
kinit <user>@<realm>
also works
however, I can't seem to login to the domain using the kde login screen.
Can you login at the console?
ALT-F2, login there.
I suspect not, but it might give you more information that way.
-- rex
kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
-- Lester M Petrie RNSD/ORNL 865-574-5259 petrielmjr@ornl.gov _______________________________________________ kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
On Friday, September 13, 2013 04:33:53 PM Rob Verduijn wrote:
user\example.domain is new for me. it did not work.
Ofcourse not, possible login to a AD domain should be afaik
USERNAME USERNAME@example.domain example.domain\USERNAME
(USERNAME needs not be in uppercase)
But apart from that, please post the solution, it would be interesting for future use =)
/M.
I think rex is right about the problem not being kde, I can't seem to login using winbind credentials via console/ssh either.
And I've spotted this error in the logs :
[sssd[ldap_child[1827]]]: Failed to initialize credentials using keytab [default]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection. [sssd[ldap_child[1827]]]: Preauthentication failed [sssd[ldap_child[1828]]]: Failed to initialize credentials using keytab [default]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection. [sssd[ldap_child[1828]]]: Preauthentication failed
Which indicate its something with sssd/ldap/winbind/pam. Still digging, there are multiple hits in google.
Cheers
2013/9/16 Martin Skjöldebrand shieldfire@gmail.com:
On Friday, September 13, 2013 04:33:53 PM Rob Verduijn wrote:
user\example.domain is new for me. it did not work.
Ofcourse not, possible login to a AD domain should be afaik
USERNAME USERNAME@example.domain example.domain\USERNAME
(USERNAME needs not be in uppercase)
But apart from that, please post the solution, it would be interesting for future use =)
/M.
Martin Skjöldebrand www.skjoldebrand.org 0707948667 ### PGP-key available on request ### _______________________________________________ kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
Then it's not a kde-specific issue, I'd suggest ask elsewhere for better help, say on https://admin.fedoraproject.org/mailman/listinfo/users
-- rex
Rob Verduijn wrote:
Hi, nope not at the console nor at the kde-login
Can you login at the console?
ALT-F2, login there.
I suspect not, but it might give you more information that way.
-- rex
kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
-
Lester M Petrie -
Martin S -
Rex Dieter -
Rex Dieter -
Rob Verduijn