[FreeNX-kNX] Fwd: Re: How to change authentication to support AD?

Terje Andersen terander at guard.zapto.org
Tue Dec 13 11:20:20 UTC 2005 

Forgot to send this to the list also, in case someone else is interested...

    /Terje

----------  Forwarded Message  ----------

Subject: Re: [FreeNX-kNX] How to change authentication to support AD?
Date: Tuesday 13 December 2005 00:09
From: Terje Andersen <terander at guard.zapto.org>
To: Manuel Zach <loogaroo at gmail.com>

On Friday 09 December 2005 21:50, you wrote:
> Hello,
>
> Am Freitag, den 09.12.2005, 12:59 +0100 schrieb
>
> terander at guard.zapto.org:
> > Have anyone managed to get FreeNX/NXServer to allow users from MS Active
> > Directory to logon ? I've followed the various articles found through
> > google on how to enable users from AD to logon to a Linux client with
> > various results, and none really successful....
> >
> > It would be great stuff to add to the FreeNX FAQ on Berlios, and I'll
> > write a How-to there if I can manage to get it to work.
>
> I have a FreeNX Server with authentication against a rather complex
> AD-Service in production use.
> I use pam_winbind, and I'm pretty happy with it.
> I have documented it here:
> https://wiki.ubuntu.com/ActiveDirectoryWinbindHowto
>
> I also wrote https://wiki.ubuntu.com/ActiveDirectoryHowto, this solution
> is more complex and the quality of this How-To is not yet fine.
>
> Both are written for Ubuntu breezy and Windows 2003 Server, but it
> should also work for other distris.
>
> Please give me feedback whether the How-Tos are not good enough or if
> they could help you.
>
> cheers,
>
> Manuel Zach

Hi Manuel,

I promised you some feedback on your excellent Wiki (which was a great help
 to me!). Here's what I had to change to get my Kubuntu Breezy and to
authenticate successfully against Win2003 SP1:

added in /etc/krb5.conf:
#starts here
	default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 rc4-hmac
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
 rc4-hmac permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
 rc4-hmac krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

[login]
        krb4_convert = true
        krb4_get_tickets = true
#ends here

Thanks for your Wiki!

;-) Terje

-------------------------------------------------------

More information about the FreeNX-kNX mailing list