Solved

RHEL5 LDAP Authentication to Active Directories

Posted on 2009-04-14
4
1,564 Views
Last Modified: 2012-05-06
I am trying to setup a RHEL5 client to authenticate with Win2003 AD. I have the ldap.conf and krb5.conf setup and it seems to be authenticating when I use:

 [root@client1 etc]# /usr/kerberos/bin/kinit joeblo@LAB01.TEST.LCL
Password for joeblo@LAB01.TEST.LCL:
[root@client1 etc]#

The krb commands (klist,kbinit, etc.) seem to work but I cannot seem to login from a remote terminal. It just hangs when I enter my password. I think I am missing something. I think that PAM might not yet be setup???? I have limited docs...

I have attached the krb5 and ldap.conf files

Any ideas?
krb5.conf-Mulder.txt
ldap.conf-Mulder.txt
0
Comment
Question by:bebo_c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Author Comment

by:bebo_c
ID: 24141201
Also tried this (Maybe LDAP not set up)

[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: Lunch1meat
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
[root@mulder openldap]#
0
 
LVL 3

Assisted Solution

by:a_ro_no
a_ro_no earned 20 total points
ID: 24142263
I would recommend you to take a network trace on the Windows KDC in order to examine the Kerberos/LDAP traffic that is being generated.
Im pretty sure you will be able to find some clues there. or at least some generic error codes
Use Wireshark is easier.
0
 

Accepted Solution

by:
bebo_c earned 0 total points
ID: 24308684
The MS-WINDOWS group were un-cooperative so we fell back to NIS, I will close this question.
0
 

Author Comment

by:bebo_c
ID: 24308702
Please close question
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question