Hi all,
I need to configure LDAP and connect it to Microsoft Active Directory 2003 SP2 to manage my RHEL 5.5 box with a Microsoft Windows domain.
At this point I'm able to query MSAD (getent passwd/group lists all the users/groups from the domain as well as the local ones).
Kerberos authentication is also working (kinit user works and klist returns the expected results).
Now my problem is that I cannot ssh into the RHEL box with any of the domain users, even though I can see those accounts in the getent results.
My first question is whether everything is OK with my system-auth configuration file (I'm not sure if all of it is needed and in the right order):
auth required pam_env.so
auth required pam_tally.so deny=5
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
auth sufficient pam_ldap.so use_first_pass
auth sufficient pam_krb5.so minimum_uid=990
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_tally.so deny=5 no_magic_root reset
account required pam_permit.so
account sufficient pam_ldap.so
account required pam_krb5.so minimum_uid=990
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so remember=7 md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
password sufficient pam_ldap.so use_authtok
password sufficient pam_krb5.so minimum_uid=990
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so remember=7 use_authtok
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
session optional pam_ldap.so
session required pam_krb5.so minimum_uid=990
Second question: how do I add the Linux server's computer account to the MSAD Computers CN without using Samba? From what I read, kadmin should do it, but I'm not sure how.
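As an added illustration (not part of the post above), here is a small Python model of Linux-PAM control-flag semantics, run over the auth section posted above and over the same lines with pam_deny moved to the end of the stack. The per-module outcomes for the two sample users are constructed assumptions.

```python
# Added example, not from the original post: a minimal simulator of Linux-PAM
# control flags, used to show the effect of module ordering in an auth stack.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = "required", "requisite", "sufficient", "optional"

def run_stack(stack, results):
    """stack: list of (control, module); results: module -> True/False.
    Returns True if PAM would grant access. Classic Linux-PAM semantics:
    a required failure is remembered but the stack continues; a requisite
    failure aborts at once; a sufficient success returns immediately only if
    no required module has already failed; optional results are ignored."""
    failed = False
    for control, module in stack:
        ok = results.get(module, False)
        if control == REQUIRED:
            failed = failed or not ok
        elif control == REQUISITE and not ok:
            return False
        elif control == SUFFICIENT and ok and not failed:
            return True
    return not failed

# The posted auth section, as (control, module) pairs.
POSTED_AUTH = [
    (REQUIRED, "pam_env"), (REQUIRED, "pam_tally"), (SUFFICIENT, "pam_unix"),
    (REQUISITE, "pam_succeed_if_uid_ge_500"), (REQUIRED, "pam_deny"),
    (SUFFICIENT, "pam_ldap"), (SUFFICIENT, "pam_krb5"),
]
# Same modules with pam_deny moved last, the position authconfig gives it.
REORDERED_AUTH = [m for m in POSTED_AUTH if m[1] != "pam_deny"] + [(REQUIRED, "pam_deny")]

# Constructed outcomes: a local user (uid 501, present in /etc/shadow) and a
# domain user (uid 10001, absent from /etc/shadow, valid LDAP/Kerberos creds).
LOCAL_USER = {"pam_env": True, "pam_tally": True, "pam_unix": True,
              "pam_succeed_if_uid_ge_500": True, "pam_deny": False,
              "pam_ldap": False, "pam_krb5": False}
DOMAIN_USER = {"pam_env": True, "pam_tally": True, "pam_unix": False,
               "pam_succeed_if_uid_ge_500": True, "pam_deny": False,
               "pam_ldap": True, "pam_krb5": True}

def outcomes():
    """Access decision for each (stack, user) combination."""
    return {
        "posted/local": run_stack(POSTED_AUTH, LOCAL_USER),
        "posted/domain": run_stack(POSTED_AUTH, DOMAIN_USER),
        "reordered/local": run_stack(REORDERED_AUTH, LOCAL_USER),
        "reordered/domain": run_stack(REORDERED_AUTH, DOMAIN_USER),
    }

if __name__ == "__main__":
    for name, granted in outcomes().items():
        print(name, "granted" if granted else "denied")
```

With the posted order the domain user is denied because the required pam_deny fails before pam_ldap or pam_krb5 ever run, and a later sufficient success cannot override an earlier required failure; moving pam_deny last lets the domain user through while the local user is unaffected.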