Old 03-13-2008, 03:39 PM   #1
RyanG
LQ Newbie
 
Registered: Mar 2008
Posts: 3

Rep: Reputation: 0
Red Hat ES3 integration with Windows 2003 Active Directory problems


Hi,

I'm trying to set up my Red Hat ES3 server to authenticate using a Windows 2003 Active Directory server but am having some issues.

Is there something that needs to be done differently in Red Hat ES3 compared to Red Hat AS4 for this? I managed to get all Red Hat AS4 servers working just fine with Active Directory but doing the exact same things on an ES3 server doesn't work.

This is the article I used to configure Red Hat for LDAP authentication through Active Directory.
http://www.microsoft.com/technet/sol...dsu.mspx#EEMAG
Search "Install and Configure Red Hat 9" for the instructions I used. I know these are for Red Hat 9 but supposedly it works for later versions as well (it worked for AS4, but not ES3).

This is the header of the subsection used (Native OS one, not Open Source):
Install and Configure Red Hat 9
[Native OS] [Red Hat 9] [End States 1 and 2]


There are no error messages per se, but when I type "id user01" it just says "id: user01: No such user"

OK, so I configured Kerberos fine (i.e. I can make tickets for users (kinit)). There seems to be an issue with the LDAP portion of the authentication. Here's my ldap.conf file (identical to the AS4 servers that do work).


Code:
# @(#)$Id: ldap.conf,v 1.27 2003/01/17 21:37:12 lukeh Exp $

host 100.99.1.7

base dc=my,dc=domain,dc=com
uri ldap://adserver.my.domain.com/

binddn cn=proxyuser,dc=users,dc=my,dc=domain,dc=com
bindpw redhat

scope sub
timelimit 30

nss_base_passwd	ou=unix,ou=clients,dc=my,dc=domain,dc=com?sub
nss_base_shadow	ou=unix,ou=clients,dc=my,dc=domain,dc=com?sub
nss_base_group  ou=unix,ou=clients,dc=my,dc=domain,dc=com?sub

nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute uniqueMember msSFU30posixMember
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute memberUid msSFU30MemberUid

ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

Any help is greatly appreciated. Searching online I've read once or twice that configuration should be identical for all versions of Red Hat past 2.

Edit: I should mention that the problem resides on the ES3 server for sure and not on the Windows server.

I did a packet capture; here's the output from the LDAP request (removed extra info):
100.99.1.10 -> 100.99.1.7 LDAP MsgId=1 Bind Request, DN=cn=proxyuser,dc=users,dc=my,dc=domain,dc=com
100.99.1.7 -> 100.9.1.10 LDAP Bind Result
100.99.1.10 -> 100.99.1.7 TCP 32808 > ldap [ACK] Seq=73 Ack=23 Win=5840 Len=0 TSV=315319 TSER=6215949
100.99.1.10 -> 100.99.1.7 LDAP MsgId=2 Search Request, Base DN=ou=unix,ou=clients,dc=my,dc=domain,dc=com
100.99.1.7 -> 100.99.1.10 LDAP MsgID=2 Search Result, Operations error
.
.
.

Thanks in advance,
Ryan

Last edited by RyanG; 03-13-2008 at 03:48 PM.
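
The failing lookup in the post above can be replayed outside NSS. The following is an added example, not code from the thread or from nss_ldap: it reads a PADL-style ldap.conf, prints the ldapsearch command that approximates the passwd query behind `id user01`, and reports whether `bindpw` crosses the network unencrypted, as the captured Bind Request suggests. The function names and the demo file are constructed here; OpenLDAP's `ldapsearch` client is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical; the
# filter shape (&(objectClass=..)(uid=..)) approximates nss_ldap's getpwnam.

conf_get() {   # conf_get FILE KEY [SUBKEY] -> value of the last matching line
    awk -v k="$2" -v s="$3" '
        /^[ \t]*#/ || $1 != k { next }
        s != "" && $2 != s { next }
        { line = $0; n = (s == "") ? 1 : 2
          for (i = 1; i <= n; i++) sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)
          sub(/[ \t]+$/, "", line); v = line }
        END { print v }' "$1"
}

nss_passwd_query() {   # nss_passwd_query FILE USER
    case $2 in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac  # refuse filter metacharacters
    uri=$(conf_get "$1" uri)
    [ -n "$uri" ] || uri="ldap://$(conf_get "$1" host)/"
    base=$(conf_get "$1" nss_base_passwd); scope=$(conf_get "$1" scope)
    [ -n "$base" ] || base=$(conf_get "$1" base)
    case $base in *\?*) rest=${base#*\?}; scope=${rest%%\?*}; base=${base%%\?*} ;; esac
    oc=$(conf_get "$1" nss_map_objectclass posixAccount)
    attr=$(conf_get "$1" nss_map_attribute uid)
    printf "ldapsearch -x -H '%s' -D '%s' -W -b '%s' -s %s '(&(objectClass=%s)(%s=%s))'\n" \
        "$uri" "$(conf_get "$1" binddn)" "$base" "${scope:-sub}" \
        "${oc:-posixAccount}" "${attr:-uid}" "$2"
}

bind_is_cleartext() {   # true when bindpw would be sent without TLS
    [ -n "$(conf_get "$1" bindpw)" ] || return 1
    case $(conf_get "$1" uri) in ldaps://*) return 1 ;; esac
    case $(conf_get "$1" ssl) in start_tls|on|yes) return 1 ;; esac
    return 0
}

# Demo on a constructed file holding directives quoted in the post.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
uri ldap://adserver.my.domain.com/
binddn cn=proxyuser,dc=users,dc=my,dc=domain,dc=com
bindpw redhat
scope sub
nss_base_passwd	ou=unix,ou=clients,dc=my,dc=domain,dc=com?sub
nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
ssl no
EOF
nss_passwd_query "$demo_conf" user01
bind_is_cleartext "$demo_conf" && echo "bindpw is sent over cleartext LDAP"
```

Running the printed command by hand shows the server's full error text for the search, which the NSS layer reduces to "No such user".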
 
Old 03-14-2008, 09:32 AM   #2
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197
Then I'd blame the Windows server and push to move to a Linux framework.

RH9? Let's try for something more up to date then.
http://www.linuxquestions.org/questi...94#post2990494
... the links, not the post.

http://www.linuxquestions.org/questi...ectory-371848/
... and again.

http://www.openldap.org/lists/openld.../msg00119.html
... discussion - follow the thread.

But it may just be that you need to upgrade the ldap packages.
 
Old 03-14-2008, 11:22 AM   #3
RyanG
LQ Newbie
 
Registered: Mar 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks a lot, I'll take a look at those.
 
  

