brian_appliedcpu

Windows Identity Manager for Unix Issue

We have a Red Hat Enterprise 5.8 system and Windows 2008 R2.
We have the Microsoft Identity Manager for Unix installed and configured.
We have a test Red Hat system with users already populated.
We are using MD5 and shadow passwords.
The Identity Manager for Windows under the NIS is set for MD5 also.
We have verified the encryption keys and have configured the sso.conf to match as:
  Use Shadows=1 with the proper folder for the /etc/shadow file
NIS is off.
I restart the ssod and verify it is running.
We change a password on the Windows side; the Windows application log says it was changed and passed to the Unix side.
The logs on the Unix side say it was successfully changed but we still cannot log in.
I manually change the password on the Unix side and I can log in fine.

Any idea what I could be doing wrong?
SOLUTION
gheist
This solution is only available to members.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
MD5 is too weak in the face of GPU computing. You will need to get rid of it fairly soon...
Upgrade Red Hat to 5U11 to fix imminent security issues.
You need to put together the Ubuntu winbindd guide with the Red Hat authconfig guide, and I think you will be all set quickly.
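
Added example (not part of the thread or any poster's code): a shell helper that reads a shadow-format file and reports each account's crypt(3) scheme from the hash prefix, so entries still stored as MD5 (`$1$`) can be listed before the algorithm is changed. The function names and the sample entries are constructed for illustration; the hash bodies are placeholders.

```shell
#!/bin/sh
# Report user, scheme, state and last-change day for every shadow entry.
# Usage on a real host (as root): shadow_schemes /etc/shadow
shadow_schemes() {
    awk -F: '
    {
        hash = $2; state = "active"
        # A leading "!" locks the account but keeps the stored hash.
        if (hash ~ /^!+\$/) { state = "locked"; sub(/^!+/, "", hash) }
        if (hash == "")                  scheme = "empty"
        else if (hash ~ /^[!*]+$/)     { scheme = "none"; state = "locked" }
        else if (hash ~ /^\$1\$/)        scheme = "md5"
        else if (hash ~ /^\$2[abxy]?\$/) scheme = "bcrypt"
        else if (hash ~ /^\$5\$/)        scheme = "sha256"
        else if (hash ~ /^\$6\$/)        scheme = "sha512"
        else if (length(hash) == 13)     scheme = "des"
        else                             scheme = "unknown"
        # Field 3 is the day (since 1970-01-01) of the last password change.
        printf "%s\t%s\t%s\t%s\n", $1, scheme, state, $3
    }' "${1:--}"
}

# Number of accounts that can still log in with a DES or MD5 hash.
weak_count() {
    shadow_schemes "${1:--}" |
        awk -F'\t' '$3 == "active" && ($2 == "md5" || $2 == "des") { n++ }
                    END { print n + 0 }'
}

# Constructed sample entries; hash bodies are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
root:$6$saltsalt$PLACEHOLDER:16000:0:99999:7:::
alice:$1$saltsalt$PLACEHOLDER:16010:0:99999:7:::
bob:!$1$saltsalt$PLACEHOLDER:15990:0:99999:7:::
daemon:*:15000:0:99999:7:::
newuser:!!:16020:0:99999:7:::
EOF
}

# Demo run on the constructed sample.
sample_shadow | shadow_schemes
```

Running it before and after a password change shows whether an account's scheme or last-change day moved; the hash itself is never printed.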
brian_appliedcpu

ASKER

Would def do that but the owner of the company won't spring for the Red Hat subscription so we are stuck with what is already on the system.
You can convert to CentOS or Oracle Linux (with their agreement) as there is a dead black hole in Samba and you need to patch it before trying winbind.
Gheist suggested an alternative method which would work.
Make config files from the Ubuntu guide.
Join the domain as domain admin.
Once wbinfo -t works you can use authconfig to add all AD users as system users, or e.g. use winbind for Squid or Apache authentication. SSO takes more effort, but it works too once you get protocol versions/types right.