Hi,
I'm trying to set up my Red Hat ES3 server to authenticate using a Windows 2003 Active Directory server but am having some issues.
Is there something that needs to be done differently in Red Hat ES3 compared to Red Hat AS4 for this? I managed to get all Red Hat AS4 servers working just fine with Active Directory but doing the exact same things on an ES3 server doesn't work.
This is the article I used to configure Red Hat for LDAP authentication through Active Directory.
http://www.microsoft.com/technet/sol...dsu.mspx#EEMAG
Search "Install and Configure Red Hat 9" for the instructions I used. I know these are for Red Hat 9 but supposedly it works for later versions as well (it worked for AS4, but not ES3).
This is the header of the subsection used (Native OS one, not Open Source):
Install and Configure Red Hat 9
[Native OS] [Red Hat 9] [End States 1 and 2]
There are no error messages per se, but when I type "id user01" it just says "id: user01: No such user"
OK, so I configured Kerberos fine (i.e. I can make tickets for users (kinit)). There seems to be an issue with the LDAP portion of the authentication. Here's my ldap.conf file (identical to the AS4 servers that do work).
Code:
# @(#)$Id: ldap.conf,v 1.27 2003/01/17 21:37:12 lukeh Exp $
host 100.99.1.7
base dc=my,dc=domain,dc=com
uri ldap://adserver.my.domain.com/
binddn cn=proxyuser,dc=users,dc=my,dc=domain,dc=com
bindpw redhat
scope sub
timelimit 30
nss_base_passwd ou=unix,ou=clients,dc=my,dc=domain,dc=com?sub
nss_base_shadow ou=unix,ou=clients,dc=my,dc=domain,dc=com?sub
nss_base_group ou=unix,ou=clients,dc=my,dc=domain,dc=com?sub
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute uniqueMember msSFU30posixMember
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute memberUid msSFU30MemberUid
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
Any help is greatly appreciated. Searching online I've read once or twice that configuration should be identical for all versions of Red Hat past 2.
Edit: I should mention that the problem resides on the ES3 server for sure and not on the Windows server.
I did a packet capture; here's the output from the LDAP request (removed extra info):
100.99.1.10 -> 100.99.1.7 LDAP MsgId=1 Bind Request, DN=cn=proxyuser,dc=users,dc=my,dc=domain,dc=com
100.99.1.7 -> 100.9.1.10 LDAP Bind Result
100.99.1.10 -> 100.99.1.7 TCP 32808 > ldap [ACK] Seq=73 Ack=23 Win=5840 Len=0 TSV=315319 TSER=6215949
100.99.1.10 -> 100.99.1.7 LDAP MsgId=2 Search Request, Base DN=ou=unix,ou=clients,dc=my,dc=domain,dc=com
100.99.1.7 -> 100.99.1.10 LDAP MsgID=2 Search Result, Operations error
.
.
.
Thanks in advance,
Ryan
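
Added example, not part of Ryan's post: the ldap.conf above combines binddn/bindpw with "ssl no", so the proxy account's password travels in the same unencrypted bind that the capture shows. The Python sketch below lints a file in this format for that condition; the SAMPLE text is constructed from the settings in the post, the function names are hypothetical, and it assumes the client uses a simple bind (no SASL).

```python
# Added example: lint an nss_ldap-style ldap.conf for a proxy bind whose
# password would cross the network without TLS. Not from the original post.

# Constructed sample, reduced from the settings shown in the post.
SAMPLE = """\
# constructed sample
host 100.99.1.7
base dc=my,dc=domain,dc=com
uri ldap://adserver.my.domain.com/
binddn cn=proxyuser,dc=users,dc=my,dc=domain,dc=com
bindpw redhat
ssl no
tls_cacertdir /etc/openldap/cacerts
"""

def parse_ldap_conf(text):
    """Return {keyword: [values]}; keywords are lower-cased, '#' lines skipped."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)  # keyword, then the rest of the line
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def transport_protected(conf):
    """Heuristic: TLS is in use if ssl is enabled or every URI is ldaps://."""
    ssl = conf.get("ssl", ["no"])[-1].lower()
    uris = " ".join(conf.get("uri", [])).split()
    ldaps_only = bool(uris) and all(u.lower().startswith("ldaps://") for u in uris)
    return ssl in ("on", "yes", "start_tls") or ldaps_only

def lint(text):
    """Return a list of (code, message) findings for the given ldap.conf text."""
    conf = parse_ldap_conf(text)
    findings = []
    if not transport_protected(conf):
        if conf.get("binddn") and conf.get("bindpw"):
            findings.append(("cleartext-bind",
                             "bindpw for %s is sent in a bind without TLS" % conf["binddn"][-1]))
        if "tls_cacertdir" in conf or "tls_cacertfile" in conf:
            findings.append(("unused-tls-ca",
                             "CA settings are present but TLS is off, so no certificate is checked"))
    return findings

if __name__ == "__main__":
    for code, msg in lint(SAMPLE):
        print(code + ": " + msg)
```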