LinuxQuestions.org > Linux - Newbie > Configuring Active Directory users authentication on Cent-OS boxes (https://www.linuxquestions.org/questions/linux-newbie-8/configuring-active-directory-users-authentication-on-cent-os-boxes-4175433452/)

acid_kewpie 10-22-2012 04:08 PM

Don't follow the stream, expand the protocol sub trees.

Clearly the anonymous bind setting is not sufficient. You've an error message which gives back pages and pages of search results in Google, so plenty of other people have been in your position. Without digging into it, I don't know if it's an AD or LDAP client issue, but I would personally look to create a dedicated bind user and configure ldap.conf to use that read-only user account.

skimeer 10-23-2012 07:07 AM

Now I have my /etc/ldap.conf like below... but it's still failing.

Code:

[root@DevMMC2 ~]# grep -v '#' /etc/ldap.conf
base cn=users,dc=test,dc=com
binddn cn=Administrator,cn=users,dc=test,dc=com
bindpw $unsolaris123
rootbinddn cn=Administrator,cn=users,dc=test,dc=com
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_base_passwd dc=test,dc=com?sub
nss_base_shadow dc=test,dc=com?sub
nss_base_group  dc=test,dc=com?sub
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute cn msSFUName
nss_map_attribute uid msSFUName
nss_map_attribute gid gidNumber
nss_map_attribute gecos sAMAccountName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_attribute uniqueMember Member
pam_login_attribute msSFUName
pam_filter objectclass=user
pam_password ad
uri ldap://10.55.199.114
pam_password md5
ssl no
tls_cacertdir /etc/openldap/cacerts


acid_kewpie 10-23-2012 07:16 AM

I don't like the look of a $ in the password, but yet again, look in Wireshark! Expand the subtrees like in this picture... http://code.google.com/p/protobuf-wireshark/
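A small audit script (an added example, not something from this thread) that flags the settings in the posted /etc/ldap.conf which the replies above point at: bind credentials sent over a plaintext ldap:// transport, binding as Administrator where a dedicated read-only account would do, a bindpw sitting in a world-readable file, and the pam_password directive given twice. The two config files it checks are constructed stand-ins with a placeholder password; the read-only bind DN name in the hardened variant is hypothetical.

```shell
#!/bin/sh
# Audit an nss_ldap/pam_ldap style /etc/ldap.conf for the risky settings
# visible in the config posted above. Constructed samples; not the poster's file.

# Constructed stand-in for the posted config (password is a placeholder).
SAMPLE_CONF="$(mktemp)"
cat > "$SAMPLE_CONF" <<'EOF'
base cn=users,dc=example,dc=com
binddn cn=Administrator,cn=users,dc=example,dc=com
bindpw PLACEHOLDER_PASSWORD
rootbinddn cn=Administrator,cn=users,dc=example,dc=com
uri ldap://10.0.0.10
pam_password ad
pam_password md5
ssl no
tls_cacertdir /etc/openldap/cacerts
EOF
chmod 644 "$SAMPLE_CONF"

# Constructed hardened variant: LDAPS, dedicated read-only bind user
# (hypothetical name), a single pam_password, file readable only by its owner.
CLEAN_CONF="$(mktemp)"
cat > "$CLEAN_CONF" <<'EOF'
base cn=users,dc=example,dc=com
binddn cn=svc-ldap-ro,cn=users,dc=example,dc=com
bindpw PLACEHOLDER_PASSWORD
uri ldaps://ldap.example.com
ssl on
pam_password ad
tls_cacertdir /etc/openldap/cacerts
EOF
chmod 600 "$CLEAN_CONF"

# conf_value FILE DIRECTIVE: first active (non-comment) value of a directive.
# Only the first whitespace-separated token is returned, which is enough here.
conf_value() {
    grep -v '^[[:space:]]*#' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# transport_encrypted URI SSL: true if the LDAP session is protected by TLS.
transport_encrypted() {
    case "$1" in ldaps://*) return 0 ;; esac
    case "$2" in on|yes|start_tls) return 0 ;; esac
    return 1
}

# audit_ldap_conf FILE: one "FINDING: ..." line per problem; silent when clean.
audit_ldap_conf() {
    f="$1"
    binddn="$(conf_value "$f" binddn)"
    bindpw="$(conf_value "$f" bindpw)"
    ssl="$(conf_value "$f" ssl)"
    uri="$(conf_value "$f" uri)"

    # 1. bindpw on a plaintext ldap:// session: the BindRequest carries it in
    #    the clear, which is exactly what expanding the LDAP subtree in Wireshark shows.
    if [ -n "$bindpw" ] && ! transport_encrypted "$uri" "$ssl"; then
        echo "FINDING: bindpw set but transport is plaintext (uri=${uri:-unset}, ssl=${ssl:-unset})"
    fi

    # 2. Binding as a privileged directory account; NSS lookups only need read access.
    case "$binddn" in
        *cn=[Aa]dministrator,*)
            echo "FINDING: binddn is a privileged account ($binddn); use a dedicated read-only bind user" ;;
    esac

    # 3. bindpw readable by every local user (column 8 of ls -l is the 'other' read bit).
    other_read="$(ls -ld "$f" | cut -c8)"
    if [ -n "$bindpw" ] && [ "$other_read" = "r" ]; then
        echo "FINDING: $f is world-readable but contains bindpw; chmod 600 it"
    fi

    # 4. pam_password given more than once (ad and md5 in the posted file); only
    #    one can take effect, so the intended scheme is ambiguous.
    n="$(grep -v '^[[:space:]]*#' "$f" | awk '$1 == "pam_password" { n++ } END { print n + 0 }')"
    if [ "$n" -gt 1 ]; then
        echo "FINDING: pam_password appears $n times; keep exactly one"
    fi
    return 0
}

# audit_count FILE: number of findings, for use from other scripts.
audit_count() {
    audit_ldap_conf "$1" | grep -c '^FINDING:' || true
}

echo "== sample =="; audit_ldap_conf "$SAMPLE_CONF"
echo "== hardened =="; audit_ldap_conf "$CLEAN_CONF"
```

Run it as-is to see the four findings against the sample and none against the hardened variant, or point audit_ldap_conf at a real /etc/ldap.conf. It reads only the first token of each directive, so a bindpw containing spaces would need quoting-aware parsing.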

skimeer 10-23-2012 09:04 AM

I use this password to satisfy the Windows complex-password criteria; however, I can try with a simple one also.

From Wireshark, we confirmed that it's because the bind is not successful. I have compared bind requests for both ldapsearch and su. I have attached screenshots for that.

acid_kewpie 10-23-2012 02:48 PM

OK, so you need to look at the output yourself, not post screenshots. Look at the *responses*, one from ldapsearch and one from, say, getent passwd, with what you perceive to be the same details, and compare them.

skimeer 10-29-2012 08:37 AM

Finally I got it working. There were many issues, but the important one was providing proper mapping values in /etc/ldap.conf and the bind DN and its password.

acid_kewpie, thanks for all your help.
