LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   Linux 5U7 LDAP setup incorrect (http://www.linuxquestions.org/questions/linux-software-2/linux-5u7-ldap-setup-incorrect-917410/)

SteveInTallyFL 12-06-2011 10:33 AM

Linux 5U7 LDAP setup incorrect
 
I am implementing virtual servers using Active Directory as LDAP source. I have had success with the user accounts (though it stopped working last week). Now I want to set up computer name resolution without maintaining individual host files on each Linux guest server. My resolve.conf points to Google public dns, but I need to resolve my internal servers by name internally. I added the computers in my Active Directory within the local domain container. I set the Unix Atrributes for nisplus to my internal container that also has my user accounts and put in the static IP address as appropriate.

in nsswitch.conf I have "hosts: files dns". Do I need to add nisplus?

acid_kewpie 12-06-2011 11:14 AM

what has any of this got to do with ldap? should you not just be using the DNS services provided by AD? Your servers should never be going to an external DNS service, AD should be forwarding public requests centrally.

Nothing to do with Networking - moved to Linux - Software.

SteveInTallyFL 12-06-2011 01:56 PM

UPDATE:
changed nameservers in resolv.conf to my primary and backup Active Directory servers. Verified that they would forward for external resolution by "dig @<AD IP address> cnn.com" and got affirmative response.

Rebooted server server. Still cannot resolve a name.

acid_kewpie 12-06-2011 04:30 PM

well what requests are actually being made? tcpdump on port 53 and watch what the DC actually says.

agentbuzz 12-06-2011 07:02 PM

LDAP and Windows computer names.
 
SteveInTallyFL,
You are not using NIS, so there is no need to include that in nsswitch.conf. If you are implementing Linux servers using AD as an LDAP directory, then you can just hit it with the stock LDAP client and command line tools on either port 389 or port 3268.
If you get no response for DNS name resolution from the DCs, check the iptables config with an "iptables -L" and check the host-based firewall on the Windows DC and any intermediate device, such as an ASA, between the hosts. If the DC is Server 2008, try a "netsh advfirewall set allprofiles state off" and then try to hit it from the Linux host again.


All times are GMT -5. The time now is 05:11 AM.