LinuxQuestions.org


boqor 07-18-2010 08:33 AM

Linux AD Integration
 
Hello folks,


I need only centralized authentication via M$ AD, and I am trying to configure nss-ldap on my Debian box, but syslog always shows these messages:

Code:

Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
Jul 18 15:58:01 debox nscd: nss_ldap: reconnecting to LDAP server...
Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
Jul 18 15:58:01 debox nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Jul 18 15:58:02 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
Jul 18 15:58:02 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
Jul 18 15:58:02 debox nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jul 18 15:58:02 debox sshd[16767]: Invalid user boqor from x.x.x.x

But I can get answers from the ldapsearch command:

Code:

ldapsearch -x -W -D "cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld"|grep sAMAccountName
Enter LDAP Password:

sAMAccountName: Administrator
sAMAccountName: Guest
sAMAccountName: boqor
.
.
.


My config files:

ldap.conf
Code:

host    192.168.0.5
BASE    dc=ad,dc=domain,dc=tld
URI    ldap://192.168.0.5/
binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw  pazzword
scope sub
ssl no


libnss-ldap.conf
Code:

host    192.168.0.5
BASE    dc=ad,dc=domain,dc=tld
URI    ldap://192.168.0.5/
binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw  pazzword
ldap_version 3
rootbinddn cn=Administrator,cn=User,dc=ad,dc=domain,dc=tld

libnss-ldap.secret
Code:

pazzword

nsswitch.conf
Code:

passwd: compat ldap
shadow: compat ldap
group: compat ldap

hosts:          files dns
networks:      files
protocols:      db files
services:      db files
ethers:        db files
rpc:            db files
netgroup:      nis

nss-ldapd.conf
Code:

host    192.168.0.5
BASE    dc=ad,dc=domain,dc=tld
URI    ldap://192.168.0.5/
binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw  pazzword
scope sub
timelimit 30


Can anybody help me? How can I debug nss-ldap?
M$ logs are not readable or helpful.
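
An added example, not part of any post in this thread: a small Python lint for the nss_ldap settings shown in the post above, reporting DN mismatches, unencrypted binds and use of a privileged bind account. It assumes nss_ldap binds with rootbinddn when the calling process runs as root; the function names and finding codes are made up for this example.

```python
# Added example: lint nss_ldap-style settings for bind and transport issues.
# Constructed sample: the libnss-ldap.conf lines as posted in the thread.
SAMPLE = """\
host    192.168.0.5
BASE    dc=ad,dc=domain,dc=tld
URI    ldap://192.168.0.5/
binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw  pazzword
ldap_version 3
rootbinddn cn=Administrator,cn=User,dc=ad,dc=domain,dc=tld
"""

def parse_conf(text):
    """Parse 'keyword value' lines; keywords compare case-insensitively."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def rdns(dn):
    """Split a DN into lower-cased RDNs (naive: ignores escaped commas)."""
    return [p.strip().lower() for p in dn.split(",")]

def lint(conf):
    """Return {finding_code: detail}; the codes are hypothetical names."""
    out = {}
    bind, root = conf.get("binddn"), conf.get("rootbinddn")
    if bind and root and rdns(bind) != rdns(root):
        diff = [f"{a} != {b}" for a, b in zip(rdns(bind), rdns(root)) if a != b]
        # Assumption: root-owned callers bind with rootbinddn, not binddn.
        out["dn-mismatch"] = "; ".join(diff) or "different number of RDNs"
    tls = (conf.get("uri", "").lower().startswith("ldaps://")
           or conf.get("ssl", "no").lower() in ("on", "start_tls"))
    if (bind or root) and not tls:
        out["cleartext-bind"] = "simple bind password crosses the network unencrypted"
    if any(dn and rdns(dn)[0] == "cn=administrator" for dn in (bind, root)):
        out["privileged-bind"] = "lookups use the Administrator account"
    return out

if __name__ == "__main__":
    for code, detail in lint(parse_conf(SAMPLE)).items():
        print(f"{code}: {detail}")
```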

Blue_Ice 07-19-2010 02:28 AM

I am not sure, but I think you need to configure Kerberos on the client side as well. I know that AD uses Kerberos.
Can somebody confirm this?

ghostis 07-20-2010 01:17 PM

I've used a combination of winbindd with Kerberos support to authenticate against AD.

Check

http://wiki.samba.org/index.php/Samb...tive_Directory

and

http://wiki.samba.org/index.php/Samb...ctory_%26_LDAP

for more info.

-Adam Keck

Quote:

Originally Posted by Blue_Ice (Post 4037790)
I am not sure, but I think you need to configure Kerberos on the client side as well. I know that AD uses Kerberos.
Can somebody confirm this?



All times are GMT -5.