Linux Active Directory Authentication using OpenSuse 10.3

1. First off, go into the BIOS and make sure that the system time is correct; this will have a very powerful effect on AD authentication as a difference in more than 20 min from the AD server will cause a “time skew” error and not allow you to connect.

2. Next you have to log into your AD server and create an entry for your new machine. General practice is to keep the name at 15 characters or less and name the machine for its location and/or purpose.

3. now on to the actual setup, insert your OpenSuse boot cd/dvd an boot from it.

4. select “Installation” at the first window

5. Select your preferred language, for the purposes of this guide I have chosen English(US)

6. Now you get the option to check your install media for errors, If it is your first time using this disk it may be a good idea to do so

7. Next you are asked to agree to the license agreement

8. Under Installation Mode, select “new installation” and make sure that the check boxes for “add online repositories” and “include Add-On Products” are unchecked

9. Clock and Time Zone, this is where those early BIOS settings come into play. Make sure the region and time zone are set to correspond with the location of the AD server you will be using to authenticate. Since I am using a local AD server in Gainesville Fl, I selected USA, Eastern time zone, then changed “hardware clock set from “UTC” to “local time” and made sure that the time and date are correct.

10. Next you are asked to select the window manager, Gnome or KDE. This is a personal choice amongst linux users and a matter of great debate so I will leave the choice to you. I selected KDE.

11. Next you are given all the information you have just entered, review it and make sure it is all the way you want it. Then you are given a few more license agreements to accept, then, finally asked if you are sure you want to install. Once you agree to all this, the installation will finally begin. You can click on the details tab to check on the progress of the installation.

12. when its all done the system will reboot.

13. Now you enter a password for the root user and go to the next step.

14. On this step it is very important that the Hostname matches the name assigned to this machine on the AD server (the name we added to gates in the second step). Also make sure that the box next to “Change Hostname via DHCP” is unchecked

15. The next window will have all your network configuration settings. The most important part here is the “network interfaces” section. If it picks up your network card but says “not configured yet” under it, click on the change button at the bottom of the screen and select “network interfaces”, Highlight your network card and click on the configure button at the bottom of the page. Select “Dynamic Address” and “DHCP” from the pulldown menu, then hit next.It should now say “DHCP” under IP Address for your network device. Hit “accept” at the bottom right of the page. The Network Configuration page should now reflect the changes we’ve made and say that your network interface is configured with DHCP.

16. Next you will be asked if you want to perform a network test, for this test to work correctly the machine must have access to outside networks. AD authentication can and will work on a private network that has no access to the web. Be aware of this and use the network test only if it is applicable.

17. The next set of windows is where this process either works or falls apart. User Authentication Method, for AD you are going to select “Windows Domain.” When you hit next it will say that “samba” needs to be installed, hit continue and wait for the samba packages to finish installing.

18. Windows Domain Membership; enter your domain and make sure that the check boxes next to “Create Home Directory on Login” and “offline Authentication” are both checked.

19. Enter your admin username and password when prompted. Also make sure that the dialog box has the correct domain at the top where it says "Enter the username and password for joining the domain (yourdomainhere)"

There are a slew of issues that can come up, the most common of which is simply an incorrect log in. Most errors will come in the form of “NT_STATUS_TYPE_OF_ERROR” and should be pretty informative as to what the issue is. For example an error reading “NT_STATUS_NAME_TOO_LONG” would indicate that the name of the machine is longer than 15 characters. Again keep an eye our for “time skew” errors which would indicate some discrepancy between the time and date on the AD server and your local machine.

20. If there are no errors you should receive a “welcome to the (yourdomainhere) domain” message and be able to finish the install with minimal deviation from standard windows.

21. Upon restart make sure that the domain is set to yourdomain and log in using your user account.