LinuxQuestions.org


fiddler1956 04-02-2012 08:15 AM

Need assistance configuring LDAP authentication with Windows 2008 AD
 
I'm attempting to configure LDAP authentication on Red Hat Enterprise Linux 6.2 using SSSD with Windows Server 2008 Active Directory. At this point, I've read so many bits and pieces of this on various forums that my head's spinning. I don't know AD at all (other than what it does), and I've not configured an LDAP client before. What I really need is a step-by-step process or "cookbook", starting with the packages which must be installed, because I'm not convinced I have all of them.

Any and all info that forum participants can provide will be greatly appreciated.

acid_kewpie 04-02-2012 08:46 AM

Well, first things first... where are your POSIX details coming from? Without additional Unix schemas installed on AD, there isn't enough information on the AD to use as a Unix account server.

I configure LDAP on EL6 through /etc/nslcd.conf and /etc/pam_ldap.conf, not fussed about SSSD personally.

yodamin 04-16-2012 11:32 PM

I probably can't help too much, but I can get you off in the right direction, I think. LOL, ah well, here goes:

Have you added the Microsoft Identity Management for Unix Role Service to AD? If not, do so.

I joined Ubuntu to my AD domain 2008R2 Server using likewise-open using ADS security settings. I saw the LDAP selection in the drop-down of available authentication types but I did not use it; I selected ADS instead (Active Directory Services).

I don't use RH. I did try the following with Fedora 16 and it did not work out perfectly. I did also do the following with Ubuntu 10.04 LTS and it worked perfectly.

Installed likewise-open and samba-winbind (apt-get in Ubuntu and yum in Fedora).

After that I used the likewise-open shortcut I found in the administration menus of each OS, and from there it is pretty self-explanatory: plug in DC and REALM, select security type and click the join button. As I said, I never did get it working right on Fedora 16 (64-bit), but Ubuntu 10.04 LTS did it all seamlessly.

On the Windows 2008 server side, after you install Mgmnt for Srvs for unix, create a (global/security-defaults) group and use the group's properties sheet to configure the Unix attributes. You can also do the same for each Unix user you create. I am also just learning Windows 2008 Server. I have had some previous experience with 2ksrv and various versions of Linux.

I found it easier, being GUI driven, to find the GUID of the user on Ubuntu. I still haven't figured out how to find it on Fedora. I forgot how to do it and haven't had time to google it yet :-)

GL!
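
Both replies above turn on whether the AD accounts actually carry Unix attributes (acid_kewpie's point about POSIX details, yodamin's note on setting Unix attributes per group and user). The following is an added example, not part of the original thread: it audits an LDIF export of user entries (for example, as written by ldapsearch) and reports which accounts lack the attributes a Linux LDAP client needs. The sample entries, DNs and the `example.test` domain are constructed, and the function names are hypothetical.

```python
# Added example: audit an LDIF export of AD users for POSIX attributes (constructed sample data).
import base64

# RFC 2307 attribute names as used in the AD schema (home dir is unixHomeDirectory in AD).
REQUIRED = ("uidNumber", "gidNumber", "unixHomeDirectory", "loginShell")

SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=example,DC=test
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/alice
loginShell: /bin/bash

dn: CN=Bob Example,CN=Users,DC=example,DC=test
sAMAccountName: bob
uidNumber: 10002
description: long value that the export
 wrapped onto a continuation line

dn: CN=Carol Example,CN=Users,DC=example,DC=test
sAMAccountName:: Y2Fyb2w=
"""

def parse_ldif(text):
    """Return a list of {attribute: [values]} dicts, one per entry."""
    # Unfold continuation lines (a newline followed by a single space).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name, []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def missing_posix(entries):
    """Map sAMAccountName (or DN) to the required attributes it lacks."""
    report = {}
    for e in entries:
        gaps = [a for a in REQUIRED if not e.get(a)]
        if gaps:
            report[e.get("sAMAccountName", e["dn"])[0]] = gaps
    return report
```

An empty result from `missing_posix` means every exported account has the four attributes; any account listed would resolve incompletely or not at all on the Linux side.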


All times are GMT -5.