Monday, April 11, 2011

OpenSuSE 11.4 and Active Directory

OpenSuSE is the only major distribution that offers production-ready integration with Microsoft Active Directory.
When joining the domain you can get the following features:
- Logging in using your Active Directory account.
- Offline login.
- When you browse to a network share using Nautilus, your credentials are used automatically. (You do not need to type your password again.)

However, there are some prerequisites to make it work properly:
- Use a static IP address.
- Make sure your computer name (hostname) is resolvable by all AD servers. (That means you have to manually register your forward and reverse pointer records on the DNS server.)
- Make sure your time settings are correct. A clock skew of several minutes will cause login problems.
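
The DNS and clock prerequisites can be checked before the join. The script below is an added example, not part of the original post; it assumes `dig`, OpenLDAP's `ldapsearch` and GNU `date` are installed, and it reads each AD server's clock from the `currentTime` attribute of its rootDSE. The host name, IP address and AD server names are whatever you pass on the command line.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes dig, ldapsearch and GNU date.
MAX_SKEW=300  # seconds; the default Kerberos clock tolerance in AD is 5 minutes

# Lower-case a DNS name and drop the trailing dot that dig prints.
norm_name() { printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# dns_consistent FQDN IP A_ANSWERS PTR_ANSWERS
# Succeeds only if the A answers contain IP and a PTR answer equals FQDN.
dns_consistent() {
    want=$(norm_name "$1")
    if ! printf '%s\n' "$3" | grep -qxF "$2"; then
        echo "A record for $1 is missing or is not $2"; return 1
    fi
    for ptr in $4; do
        if [ "$(norm_name "$ptr")" = "$want" ]; then return 0; fi
    done
    echo "PTR record for $2 does not point to $1"; return 1
}

# skew_ok LOCAL_EPOCH DC_EPOCH: succeeds if the clocks differ by <= MAX_SKEW.
skew_ok() {
    diff=$(( $1 - $2 ))
    [ "${diff#-}" -le "$MAX_SKEW" ]
}

# Convert a rootDSE currentTime value such as 20110411120000.0Z to epoch seconds.
ad_time_to_epoch() {
    case $1 in [0-9]*) ;; *) return 1 ;; esac   # empty or malformed reply
    stamp=$(printf '%s\n' "$1" | sed -E 's/^(.{4})(..)(..)(..)(..)(..).*/\1-\2-\3 \4:\5:\6/')
    date -u -d "$stamp" +%s
}

# preflight FQDN IP DC...: ask every AD server named, not just the default resolver.
preflight() {
    fqdn=$1; ip=$2; shift 2; rc=0
    for dc in "$@"; do
        a=$(dig +short A "$fqdn" "@$dc"); p=$(dig +short -x "$ip" "@$dc")
        dns_consistent "$fqdn" "$ip" "$a" "$p" || rc=1
        now=$(ldapsearch -x -LLL -H "ldap://$dc" -s base -b "" currentTime |
              sed -n 's/^currentTime: //p')
        dc_epoch=$(ad_time_to_epoch "$now") && skew_ok "$(date +%s)" "$dc_epoch" ||
            { echo "clock unreadable or skew against $dc exceeds ${MAX_SKEW}s"; rc=1; }
    done
    return "$rc"
}

# Run only when arguments are given: preflight.sh FQDN IP DC [DC...]
if [ "$#" -ge 3 ]; then preflight "$@"; fi
```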

Once you have done this, start YaST and go to "Windows Domain Membership".
Enter your domain name (FQDN) and enable the 2 options.
When you press OK, YaST will automatically install the necessary packages and ask you for an account that has the privileges to add computers to AD. (Use your pre-Windows 2000 logon credentials.)

Done.

To make it work even better, disable the earlyxdm service; otherwise your login manager (GDM) will not always show your AD account, because winbindd has not been started yet.


And finally, I do not want to show my default domain when opening a terminal, so I add a setting to the [global] section of the /etc/samba/smb.conf file:
[global]
winbind use default domain = yes


Reboot and you are done!
