Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

RHEL5 LDAP Authentication to Active Directories

Posted on 2009-04-14
4
Medium Priority
?
1,572 Views
Last Modified: 2012-05-06
I am trying to setup a RHEL5 client to authenticate with Win2003 AD. I have the ldap.conf and krb5.conf setup and it seems to be authenticating when I use:

 [root@client1 etc]# /usr/kerberos/bin/kinit joeblo@LAB01.TEST.LCL
Password for joeblo@LAB01.TEST.LCL:
[root@client1 etc]#

The krb commands (klist,kbinit, etc.) seem to work but I cannot seem to login from a remote terminal. It just hangs when I enter my password. I think I am missing something. I think that PAM might not yet be setup???? I have limited docs...

I have attached the krb5 and ldap.conf files

Any ideas?
krb5.conf-Mulder.txt
ldap.conf-Mulder.txt
0
Comment
Question by:bebo_c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Author Comment

by:bebo_c
ID: 24141201
Also tried this (Maybe LDAP not set up)

[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: Lunch1meat
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
[root@mulder openldap]#
0
 
LVL 3

Assisted Solution

by:a_ro_no
a_ro_no earned 80 total points
ID: 24142263
I would recommend you to take a network trace on the Windows KDC in order to examine the Kerberos/LDAP traffic that is being generated.
Im pretty sure you will be able to find some clues there. or at least some generic error codes
Use Wireshark is easier.
0
 

Accepted Solution

by:
bebo_c earned 0 total points
ID: 24308684
The MS-WINDOWS group were un-cooperative so we fell back to NIS, I will close this question.
0
 

Author Comment

by:bebo_c
ID: 24308702
Please close question
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question