Unable to get id of Domain Admin user from Linux LDAP client
Hi friends. I've configured RHEL 5 hosts as LDAP clients against Windows AD. I can authenticate all LDAP users in Linux except those that belong to the Domain Admins group within AD. Neither the id nor the su command works, causing 100% CPU usage.
The point is that in an AD environment with a single DC it works. In the current situation I deal with three DCs.
Here are the steps I accomplished for that:
1. Create new user account for Linux host on one DC;
2. Create krb5.keytab file on DC using ktpass tool;
3. Edit /etc/ldap.conf, /etc/nsswitch.conf, /etc/pam.d/system-auth, /etc/krb5.conf;
4. Import krb5.keytab file into the Linux (/etc) using ktutil;
5. Time sync against DC;
6. Test Linux login for LDAP (Windows) users.
Any ideas? Thanks.
Vlad.