Solved

RHEL5 LDAP Authentication to Active Directories

Posted on 2009-04-14
4
1,568 Views
Last Modified: 2012-05-06
I am trying to setup a RHEL5 client to authenticate with Win2003 AD. I have the ldap.conf and krb5.conf setup and it seems to be authenticating when I use:

 [root@client1 etc]# /usr/kerberos/bin/kinit joeblo@LAB01.TEST.LCL
Password for joeblo@LAB01.TEST.LCL:
[root@client1 etc]#

The krb commands (klist,kbinit, etc.) seem to work but I cannot seem to login from a remote terminal. It just hangs when I enter my password. I think I am missing something. I think that PAM might not yet be setup???? I have limited docs...

I have attached the krb5 and ldap.conf files

Any ideas?
krb5.conf-Mulder.txt
ldap.conf-Mulder.txt
0
Comment
Question by:bebo_c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Author Comment

by:bebo_c
ID: 24141201
Also tried this (Maybe LDAP not set up)

[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: Lunch1meat
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
[root@mulder openldap]#
0
 
LVL 3

Assisted Solution

by:a_ro_no
a_ro_no earned 20 total points
ID: 24142263
I would recommend you to take a network trace on the Windows KDC in order to examine the Kerberos/LDAP traffic that is being generated.
Im pretty sure you will be able to find some clues there. or at least some generic error codes
Use Wireshark is easier.
0
 

Accepted Solution

by:
bebo_c earned 0 total points
ID: 24308684
The MS-WINDOWS group were un-cooperative so we fell back to NIS, I will close this question.
0
 

Author Comment

by:bebo_c
ID: 24308702
Please close question
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question