Auth to AD at Linux cli
-----------------------
2009-01-09

** not tested, needs to be run through and detailed

1. Downgrade Samba to 3.0.25b
2. Stop winbind, samba, nscd
3. This is where it gets tricky, since you run authconfig and fill in all the details
4. Turn on: Cache Information, Use LDAP, Use Winbind, Use MD5 pwd, Use Shadow Pwd, Use LDAP, Use SMB Auth, Use Winbind Auth, Local Auth is sufficient
5. On the next screen, give it the AD server and your base DN for LDAP
6. For Winbind, set Security Model to ads, fill in your domain, PDC, and ADS realm, click OK and you are done - it will modify smb.conf, ldap.conf, krb5.conf, system-auth
7. You will need to turn on "winbind use default domain" in smb.conf
8. And no, an AD admin doesn't become root unless you give them sudo privs
9. You will also want to add the following as the last line in /etc/pam.d/system-auth:

       session optional /lib/security/$ISA/pam_mkhomedir.so

   This will auto-make a homedir for "new" users on a box when they log in with tui/gui, so they don't end up with "No Homedir!" errors at login
10. It will also create these homedirs as /home/$DOMAIN_NAME/$USER, so that if you have shared homedirs you can mount that at /home/$DOMAIN_NAME and have them show up automatically
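
A read-only check of the end state that steps 6, 7 and 9 describe, added here as an example (it is not part of the original note): it confirms "security = ads" and "winbind use default domain" in smb.conf, and that pam_mkhomedir.so is the last active rule in system-auth. The function names are made up for this example, the sample files are constructed, and file paths are passed as arguments so it can be pointed at copies.

```shell
#!/bin/sh
# Added example (not from the original note): audit of steps 6, 7 and 9.

# Print the last value set for an smb.conf parameter. Samba ignores case and
# whitespace inside parameter names, so pass NAME lowercased, spaces removed.
smb_param() {  # smb_param FILE NAME
    awk -F= -v want="$2" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        NF >= 2 {
            key = tolower($1); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == want) found = tolower(val)
        }
        END { print found }' "$1"
}

# Succeed only if the last active (non-blank, non-comment) rule is
# "session optional .../pam_mkhomedir.so".
mkhomedir_is_last() {  # mkhomedir_is_last PAM_FILE
    awk '!/^[ \t]*(#|$)/ { t = $1; c = $2; m = $3 }
         END { exit !(t == "session" && c == "optional" && m ~ /pam_mkhomedir\.so$/) }' "$1"
}

# Print one line per failed check; the return status is the failure count.
audit_ad_auth() {  # audit_ad_auth SMB_CONF SYSTEM_AUTH
    fails=0
    [ "$(smb_param "$1" security)" = "ads" ] ||
        { echo "FAIL: security is not ads"; fails=$((fails + 1)); }
    case "$(smb_param "$1" winbindusedefaultdomain)" in
        yes|true|1) ;;   # boolean spellings listed in the smb.conf man page
        *) echo "FAIL: winbind use default domain is not enabled"
           fails=$((fails + 1)) ;;
    esac
    mkhomedir_is_last "$2" ||
        { echo "FAIL: pam_mkhomedir.so is not the last rule"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files (not real configuration), so the demo runs anywhere.
demo_dir=$(mktemp -d)
printf '[global]\n  security = ADS\n  Winbind Use Default Domain = yes\n' \
    > "$demo_dir/smb.conf"
printf '%s\n' 'session required pam_unix.so' \
    'session optional /lib/security/$ISA/pam_mkhomedir.so' > "$demo_dir/system-auth"
audit_ad_auth "$demo_dir/smb.conf" "$demo_dir/system-auth" && echo "all checks passed"
rm -rf "$demo_dir"
```

On a real host, pass the machine's smb.conf and /etc/pam.d/system-auth to audit_ad_auth after authconfig has rewritten them.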