
Authenticate SLE 11 Linux to Active Directory via LDAP

This document (7007735) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Server 11

Situation

A SLE 11 system needs to authenticate against Active Directory.

Resolution

On Active Directory Side
 
  1. In Windows AD go to Control Panel | Add and Remove Programs | Add and Remove Windows Components.
  2. Select Active Directory Services, go to Details, and install the "Identity Management for UNIX" component.
  3. Under Active Directory Users and Computers | Computers container, create a new object of type Computer with the same hostname as the Linux machine that is trying to authenticate to AD.

On Linux Side

  1. Make sure the hostname and domain name in the /etc/hosts file are correct.
  2. Ensure the firewall is disabled.
  3. Browse to yast2 | Network Settings | Hostname/DNS and enter the IP address of the server running DNS on the AD side.
  4. Open a terminal and type nslookup <domain name>. The output should look like this:

    root# nslookup <domain>.com
        Server:        192.168.98.1
        Address:    192.168.98.1#53

        Non-authoritative answer:
        Name:    <domain>.com
        Address: <IP_address>
 
  5. Browse to yast2 | Windows Domain Membership.
  6. Type the domain name in the "Domain or Workgroup" text box and select "Also Use SMB Information for Linux Authentication" and "Create Home Directory on Login".
  7. Select Expert options and take down the UID and GID range.
  8. Ensure the time is in sync between the server running Active Directory and the Linux workstation, then click OK.
  9. When prompted for the Administrator password, type it in.
  10. If prompted to install the packages samba-winbind and krb5-client, install them.
  11. Under yast2 | User and Group Management go to the Authentication Settings tab and select LDAP.
  12. Select "Use LDAP" under User Authentication.
  13. Type the IP of the AD server in Address of LDAP Servers in the LDAP Client section.
  14. Uncheck the LDAP TLS/SSL option and do a Fetch DN (to check the LDAP connectivity).
  15. You should get the list of containers from the AD server, which confirms that the Linux machine is able to connect to the server running AD.
  16. Check the LDAP TLS/SSL option.
  17. Go to Advanced Configuration and select the Administration Settings tab.
  18. Type in the Administrator DN (cn=Administrator,cn=Users,dc=<domain>,dc=com) and click OK.
  19. Click OK in the LDAP Client Configuration window and, if prompted to install any packages, say yes and proceed.
  20. In the Authentication Settings tab you should see "Client Enabled: Yes" under LDAP and "Authentication with SMB: Yes" under Samba.
  21. Click OK and exit the window.
  22. The user that is logging in from Linux should have the UNIX Attributes tab populated in AD with a UID and GID in the range that was taken down in step 7. If the GID is not there, provide one from the range.
  23. On the Linux machine, at the GNOME or KDE login page, select the domain name and log in with the AD user's username and password.
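
The following shell functions are an added example, not part of the original SUSE document. They check two points of the Linux-side procedure that are easy to get wrong: the /etc/hosts entry from step 1 and whether a user's UID and GID fall inside the range noted under Expert options. The hostname, domain, address, user and range shown are constructed sample values, and treating a "correct" hosts entry as one line that carries both the fully qualified name and the short name is an assumption.

```shell
#!/bin/sh
# Added example. Hostnames, addresses, user and range are constructed samples.

# hosts_has_fqdn SHORTNAME DOMAIN  (hosts(5) data on stdin, e.g. < /etc/hosts)
# Succeeds if one active line lists both SHORTNAME.DOMAIN and SHORTNAME.
# Requiring both names on one line is an assumption about what "correct" means.
hosts_has_fqdn() {
    awk -v fqdn="$1.$2" -v short="$1" '
        /^[ \t]*#/ { next }                       # skip comment lines
        { f = s = 0
          for (i = 2; i <= NF; i++) {             # field 1 is the address
              if ($i ~ /^#/) break                # trailing comment
              if (tolower($i) == tolower(fqdn))  f = 1
              if (tolower($i) == tolower(short)) s = 1
          }
          if (f && s) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# id_in_range PASSWD_LINE MIN MAX
# PASSWD_LINE is one passwd(5)-format line, e.g. from: getent passwd <user>
# Succeeds only if UID and GID are both numeric and inside [MIN, MAX].
id_in_range() {
    printf '%s\n' "$1" | awk -F: -v min="$2" -v max="$3" '
        { ok = ($3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ &&
                $3 + 0 >= min + 0 && $3 + 0 <= max + 0 &&
                $4 + 0 >= min + 0 && $4 + 0 <= max + 0) }
        END { exit (ok ? 0 : 1) }'
}

# Constructed sample data (not taken from the original document).
sample_hosts='127.0.0.1 localhost
192.168.98.20 sles11ws.example.com sles11ws'
sample_user='EXAMPLE\jdoe:*:10005:10000:J Doe:/home/EXAMPLE/jdoe:/bin/bash'

printf '%s\n' "$sample_hosts" | hosts_has_fqdn sles11ws example.com \
    && echo "hosts entry: ok"
id_in_range "$sample_user" 10000 20000 \
    && echo "UID/GID: inside the noted range"
```

On a configured machine, feed the functions real data, for example `hosts_has_fqdn "$(hostname -s)" <domain>.com < /etc/hosts` and `id_in_range "$(getent passwd <user>)" <min> <max>`.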

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7007735
  • Creation Date: 31-Jan-2011
  • Modified Date: 21-Dec-2021
    • SUSE Linux Enterprise Desktop
    • SUSE Linux Enterprise Server
