Old 02-25-2011, 08:28 AM   #1
LQ Newbie
Registered: Feb 2011
Posts: 1

Rep: Reputation: 0
RHEL6, Windows 2008, LDAP

I have Redhat 5 playing nice as it authenticates against Windows Server 2008. But I ran into issues trying to get Redhat 6 to do it as well.

Here is where I stand on my Redhat 6 box:

I have my certificates working between the Windows and the Redhat box.

From the root user I can su to an Active Directory user.
getent works. I can see all the users' info.
ldapsearch works with the CA certificate, so my SSL handshake is working.
I do not suspect cert issues.

But when I try to log in as an Active Directory user on my Redhat 6 box I get told I used an invalid password. The password works just fine on the Windows server, so I didn't fat-finger anything. I am just confused as to why I can have getent and ldapsearch working but cannot log in.

I have turned off iptables on Redhat and the firewall on the 2008 server to see if that would change the situation, but no luck.

I noted that in Redhat 6 I need to configure SSSD rather than NSCD.

Let me know if you need to see my:

var messages

to provide further light and guidance on what I may be doing wrong or leaving out in my configurations.
Old 02-25-2011, 09:07 AM   #2
Registered: Dec 2004
Location: Alabama
Distribution: Slackware, Solaris,Fedora, CentOS, Redhat, SGI
Posts: 65

Rep: Reputation: 18
Ensure Kerberos is configured and the server times are synced
Old 04-05-2011, 04:32 AM   #3
LQ Newbie
Registered: Jun 2008
Posts: 7

Rep: Reputation: 0
I am also getting the password error. Did you manage to figure this out?
Old 04-05-2011, 07:51 AM   #4
LQ Newbie
Registered: Jun 2008
Posts: 7

Rep: Reputation: 0
I have figured this out now. I had to add the relevant lines into /etc/pam.d/password-auth. I had only edited system-auth.
Old 05-19-2012, 09:28 AM   #5
Registered: May 2006
Location: Marlow, UK
Distribution: Slackware 12.2
Posts: 232

Rep: Reputation: 30
Hi Hejemin,

I would dearly love to see your config files (minus the sensitive bits, of course), as I've been trying for two days to get this working and it's still not playing.

I can get RHEL 5.x clients working with 2008 R2 Active Directory without any issues... but getting RHEL 6 to do it is killing me.

My first question is where does ldap.conf go? /etc or /etc/openldap?

Here are my relevant files:

ldap.conf (nss_ldap/pam_ldap):

uri ldap://
base dc=child,dc=test,dc=ad
binddn cn=sa_ldap,ou=Service Accounts,ou=Users,ou=Managed,dc=child,dc=test,dc=ad
bindpw Password123
scope sub
ssl no
nss_base_passwd dc=child,dc=test,dc=ad?sub
nss_base_shadow dc=child,dc=test,dc=ad?sub
nss_base_group dc=child,dc=test,dc=ad?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute loginShell loginShell
nss_map_attribute gecos cn
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
nss_map_attribute cn cn
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm

OpenLDAP client ldap.conf:

BASE     dc=child,dc=test,dc=ad
URI      ldap://

krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = CHILD.TEST.AD
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 CHILD.TEST.AD = {
  kdc =
  admin_server =
  default_domain =
 }

[domain_realm]
 = CHILD.TEST.AD
 = CHILD.TEST.AD

system-auth:

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required
auth        sufficient nullok try_first_pass
auth        sufficient use_first_pass
auth        requisite uid >= 500 quiet
auth        required

account     required
account     sufficient
account     sufficient
account     sufficient uid < 500 quiet
account     required

password    requisite try_first_pass retry=3 type=
password    sufficient use_authtok
password    sufficient sha512 shadow nullok try_first_pass use_authtok
password    required

session     optional revoke
session     required
session     required
session     [success=1 default=ignore] service in crond quiet use_uid
session     required

nsswitch.conf:

passwd:     files ldap
shadow:     files ldap
group:      files ldap

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

I'm not sure what should go in /etc/sssd.conf.

Time/date is synchronised with the domain controller, and all host names can be resolved without issue.

I realise this thread is quite old, but any pointers would be gratefully received :-)

Many thanks,
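An added check, not from any post in this thread, that exercises the fix from post #4 against the file layout pasted in post #5: on RHEL 6, su includes /etc/pam.d/system-auth, while sshd and other remote-login services include /etc/pam.d/password-auth, so a directory module wired only into system-auth produces exactly the "su works, login fails" symptom from post #1. The script writes two constructed PAM files into a temp directory (the module names and control flags are my assumptions, since the pasted file lost its module names; pam_sss.so is checked the same way by passing it instead of pam_ldap.so) and reports which file is missing the module on which stack.

```shell
#!/bin/sh
# Added example, not from the thread. Verifies that the directory-auth PAM
# module is present on every stack in BOTH system-auth and password-auth.
# Sample files are constructed below so the check runs offline.

set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed: system-auth with pam_ldap.so on all four stacks
# (module names and controls are assumptions, not the poster's file).
cat > "$WORK/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so
session     required      pam_unix.so
session     optional      pam_ldap.so
EOF

# Constructed: password-auth left at a stock, directory-less stack,
# i.e. the state post #4 describes before the fix.
cat > "$WORK/password-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
session     required      pam_unix.so
EOF

# pam_stack_has FILE TYPE MODULE
# Succeeds if an uncommented line of stack TYPE (auth/account/...) names MODULE.
# Fields from 3 on are scanned so bracketed controls with spaces are handled.
pam_stack_has() {
    awk -v t="$2" -v m="$3" '
        $1 !~ /^#/ && $1 == t { for (i = 3; i <= NF; i++) if ($i == m) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# pam_stack_ok FILE MODULE
# Succeeds only if MODULE appears on all of auth, account, password, session.
pam_stack_ok() {
    for type in auth account password session; do
        pam_stack_has "$1" "$type" "$2" || return 1
    done
}

# check_pam_pair MODULE
# Reports both files; the fix in post #4 needs the module in each of them.
check_pam_pair() {
    rc=0
    for f in system-auth password-auth; do
        if pam_stack_ok "$WORK/$f" "$1"; then
            echo "OK   $f: $1 present on all four stacks"
        else
            echo "FAIL $f: $1 missing from at least one stack"
            rc=1
        fi
    done
    return $rc
}

check_pam_pair pam_ldap.so || echo "=> sshd-style logins will reject directory users until password-auth matches"
```

On a real host, point WORK at /etc/pam.d instead of the temp directory; the awk match is on the bare module name, so it works whether authconfig wrote pam_ldap.so or pam_sss.so.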