?
Solved

RHEL5 LDAP Authentication to Active Directories

Posted on 2009-04-14
4
Medium Priority
?
1,570 Views
Last Modified: 2012-05-06
I am trying to setup a RHEL5 client to authenticate with Win2003 AD. I have the ldap.conf and krb5.conf setup and it seems to be authenticating when I use:

 [root@client1 etc]# /usr/kerberos/bin/kinit joeblo@LAB01.TEST.LCL
Password for joeblo@LAB01.TEST.LCL:
[root@client1 etc]#

The krb commands (klist,kbinit, etc.) seem to work but I cannot seem to login from a remote terminal. It just hangs when I enter my password. I think I am missing something. I think that PAM might not yet be setup???? I have limited docs...

I have attached the krb5 and ldap.conf files

Any ideas?
krb5.conf-Mulder.txt
ldap.conf-Mulder.txt
0
Comment
Question by:bebo_c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Author Comment

by:bebo_c
ID: 24141201
Also tried this (Maybe LDAP not set up)

[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: Lunch1meat
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
[root@mulder openldap]# ldapsearch -x -h 146.129.73.44 -D cn=cranest,dc=LAB01,dc=TEST,dc=LCL -W Lunch1meat
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
[root@mulder openldap]#
0
 
LVL 3

Assisted Solution

by:a_ro_no
a_ro_no earned 80 total points
ID: 24142263
I would recommend you to take a network trace on the Windows KDC in order to examine the Kerberos/LDAP traffic that is being generated.
Im pretty sure you will be able to find some clues there. or at least some generic error codes
Use Wireshark is easier.
0
 

Accepted Solution

by:
bebo_c earned 0 total points
ID: 24308684
The MS-WINDOWS group were un-cooperative so we fell back to NIS, I will close this question.
0
 

Author Comment

by:bebo_c
ID: 24308702
Please close question
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question