Windows Identity Manager for Unix Issue

We have a Red Hat Enterprise 5.8 system and Windows 2008 R2.
We have the Microsoft Identity Manager for Unix installed and configured.
We have a test Red Hat system with users already populated.
We are using MD5 and shadow passwords.
The Identity Manager for Windows under the NIS is set for MD5 also.
We have verified the encryption keys and have configured the sso.conf to match as:
  Use Shadows=1 with the proper folder for the /etc/shadow file
NIS is off.
I restart the ssod and verify it is running.
We change a password on the Windows side; the Windows application log says it was changed and passed to the Unix side.
The logs on the Unix side say it was successfully changed but we still cannot log in.
I manually change the password on the Unix side and I can log in fine.

Any idea what I could be doing wrong?
brian_appliedcpu Asked:

gheist Commented:
I do use samba-winbind for authentication and authorisation. No need to modify AD for example...
0
brian_appliedcpu (Author) Commented:
I used Kerberos, works like a champ.  The only caveat was to use all capital letters in the realm and domain names.
Thanks for the suggestion to use something other than Microsoft Identity Manager for Unix.  It proved not to work because in v5.8 the MD5 encryption was not compatible with MS.
0
gheist Commented:
MD5 is too weak in face of GPU computing. You will need to get rid of it fairly soon...
Upgrade Red Hat to 5U11 to fix imminent security issues.
You need to put together the Ubuntu winbindd guide with the Red Hat authconfig guide, and I think you will be all set quickly.
0
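
To find which accounts still carry MD5 hashes, as raised in the comment above, this added example (not part of the thread; the function names and sample entries are constructed for illustration) classifies the crypt(3) scheme of each entry in shadow(5)-format input. A field written in a format the script does not recognise is reported as `unknown`, which also makes an unexpected entry left by a password sync easy to spot.

```shell
#!/bin/sh
# Classify the password-hash scheme of each account in shadow(5)-format input.
# Added illustration; the sample entries below are constructed placeholders.

# Print the crypt(3) scheme name for one shadow password field.
shadow_scheme() {
    case "$1" in
        '')                       echo "empty" ;;        # no password set
        '!'*|'*'*)                echo "locked" ;;       # locked / login disabled
        '$1$'*)                   echo "md5crypt" ;;     # weak: cheap to brute-force
        '$2a$'*|'$2b$'*|'$2y$'*)  echo "bcrypt" ;;
        '$5$'*)                   echo "sha256crypt" ;;
        '$6$'*)                   echo "sha512crypt" ;;
        '$'*)                     echo "unknown" ;;      # unrecognised $id$ prefix
        *)  # traditional DES crypt is exactly 13 characters with no prefix
            if [ "${#1}" -eq 13 ]; then echo "des"; else echo "unknown"; fi ;;
    esac
}

# Read shadow-format lines on stdin, print "user scheme" per account,
# and return 1 if any account still uses md5crypt or DES.
audit_shadow() {
    weak=0
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(shadow_scheme "$hash")
        echo "$user $scheme"
        case "$scheme" in md5crypt|des) weak=1 ;; esac
    done
    return "$weak"
}

# Constructed sample entries (placeholder salts and hashes, not real accounts).
sample_shadow() {
    cat <<'EOF'
root:$6$saltsalt$placeholderhash:15500:0:99999:7:::
alice:$1$saltsalt$placeholderhash:15500:0:99999:7:::
svc:!!:15500:0:99999:7:::
legacy:abcdefghijklm:15500:0:99999:7:::
EOF
}

# Demo run on the constructed sample.
sample_shadow | audit_shadow || echo "weak hash schemes present"
```

On a real host, run it as root with `audit_shadow < /etc/shadow`; a non-zero return means at least one md5crypt or DES entry remains.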
brian_appliedcpu (Author) Commented:
Would def do that but the owner of the company won't spring for the Red Hat subscription so we are stuck with what is already on the system.
0
gheist Commented:
You can convert to CentOS or Oracle Linux (with their agreement) as there is a dead black hole in Samba and you need to patch it before trying winbind.
0
brian_appliedcpu (Author) Commented:
Gheist suggested an alternative method which would work.
0
gheist Commented:
Make config files from the Ubuntu guide.
Join the domain as domain admin.
Once wbinfo -t works you can use authconfig to add all AD users as system users, or e.g. use winbind for Squid or Apache authentication. SSO takes more effort, but it works too once you get protocol versions/types right.
0