How to make Enterprise Login in Fedora 26 work with Active Directory

asked 2017-04-09 15:38:01 -0500

sobek gravatar image

Hi,

at first a summary of environment:

  • We want to migrate away from the 'NIS Server' of 'Microsoft Windows Server 2008 R2'.
  • We want to replace 'Microsoft Windows Server 2008 R2' with 'Microsoft Windows Server 2012 R2'.
  • Account information (login name, UID, GID, home directory, shell, email address) is in 'Microsoft Active Directory Domain Service' as user account attributes.
  • We want to avoid installation of a second directory server, i.e. FreeIPA. We just want to keep it simple. I have not properly tested FreeIPA, yet.
  • We are using Fedora 24. We will upgrade to Fedora 26.

My test environment consists of:

  • Fedora 26 x86_64 alpha
  • Windows Server 2012 R2 x64

I tried the 'Enterprise Login' feature offered by GNOME and tinkered for two days to no avail. All information I could find does not seem to apply, due to Fedora 26 being too new. :) Please, give me pointers how to make the 'Enterprise Login' work.

I could not join the Windows Active Directory domain using the 'Enterprise Login' GUI:

All Settings -- Users -- [Unlock] -- [Add User...] -- [Enterprise Login]

The error message is:

Failed to log into domain

Couldn't connect to the test.local domain: Cannot contact any KDC for realm 'TEST.LOCAL'

[Close]

Using CLI I can join ADDS with realm join.

Afterwards I can get tickets with kinit and they are listed with klist.

But I cannot switch to user accounts from ADDS with su 'TEST\Administrator' or log in at login screen.

Here is what I did:

Microsoft Windows Server installation

File used for installation: 9600.16384.winbluertm.130821-1623x64freserverevalen-us-irmsssx64freeen-us_dv5.iso

details of installation: Select the operating system you want to install: Windows Server 2012 R2 Standard Evaluation (Server with a GUI) x64

-custom install: if present, delete partitions
-click [Next] several times
-specify password of '.\Administrator'

first login

Network
Do you want to find PCs, devices, and content on this network, and automatically connect to devices like printers and TVs?
We recommend that you do this on your home and work networks.
[Yes]

set static IP and DNS address; disable IPv6

  • Server Manager -- Local Server -- click on text to the right of 'Ethernet'
  • right mouse button click on Adapter -- Properties
  • select '[x] Internet Protocol Version 4 (TCP/IPv4)' -- [Properties] -- General:
    • |x| Use the following IP address:
    • IP address: 192.168.122.216
    • Subnet mask: 255.255.255.0
    • Default gateway: 192.168.122.1
    • |x| Use the following DNS server addresses:
    • Preferred DNS server: 192.168.122.216
    • [OK]
  • set '[] Internet Protocol Version 6 (TCP/IPv6)'
  • [Close]

set local computer name

  • Server Manager -- Local Server -- click on text to the right of 'Computer name'
  • Computer Name -- [Change...] -- Computer name: ws2012r2
  • [OK] -- [Close] -- [Restart Now]

install ADDS

# ignore this section, if it is your first DC
# if ADDS already installed and using own domain, demote  first
#Server-Manager -- Manage -- Remove Roles and Features -- select server -- [] Active Directory Domain Services
#in popup-window click [Remote Features] -- [Demote this domain controller]
# join existing ADDS ...
(more)
edit retag flag offensive close merge delete