[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

RHEL5 LDAP Authentication to Active Directories

Posted on 2009-04-14
4
Medium Priority
?
1,575 Views
Last Modified: 2012-05-06
I am trying to setup a RHEL5 client to authenticate with Win2003 AD. I have the ldap.conf and krb5.conf setup and it seems to be authenticating when I use:

 [root@client1 etc]# /usr/kerberos/bin/kinit joeblo@LAB01.TEST.LCL
Password for joeblo@LAB01.TEST.LCL:
[root@client1 etc]#

The krb commands (klist,kbinit, etc.) seem to work but I cannot seem to login from a remote terminal. It just hangs when I enter my password. I think I am missing something. I think that PAM might not yet be setup???? I have limited docs...

I have attached the krb5 and ldap.conf files

Any ideas?
krb5.conf-Mulder.txt
ldap.conf-Mulder.txt
0
Comment
Question by:bebo_c
  • 3
4 Comments
 

Author Comment

by:bebo_c
ID: 24141201
Also tried this (Maybe LDAP not set up)

[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: Lunch1meat
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
[root@mulder openldap]#
0
 
LVL 3

Assisted Solution

by:a_ro_no
a_ro_no earned 80 total points
ID: 24142263
I would recommend you to take a network trace on the Windows KDC in order to examine the Kerberos/LDAP traffic that is being generated.
Im pretty sure you will be able to find some clues there. or at least some generic error codes
Use Wireshark is easier.
0
 

Accepted Solution

by:
bebo_c earned 0 total points
ID: 24308684
The MS-WINDOWS group were un-cooperative so we fell back to NIS, I will close this question.
0
 

Author Comment

by:bebo_c
ID: 24308702
Please close question
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question