[SOLVED] Configuring Active Directory users authentication on Cent-OS boxes
I am trying to authenticate AD users on a Cent-OS box. I have installed AD on my test machine. From Cent-OS, I can do ldapsearch on that.
However, when I try to authenticate as those users, it gives an error in /var/log/messages:
failed to bind to LDAP server ldap://10.55.199.117/: Server is unwilling to perform
Also, I have some basic questions on this scenario:
1. Is configuring Kerberos authentication required for this setup to work?
2. Does the machine need to be added to AD for users to get authenticated? Meaning, do I need to add DNS server entries in /etc/resolv.conf?
Thanks for clearing my doubt. I am now installing Wireshark and will check with that.
I have tried with a new machine pointing to the same AD. I have used authconfig-tui to enable the authentication. Now when I tried to use
It does not list AD users, and /var/log/messages shows the errors below:
Oct 22 10:12:36 br0212 su: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Oct 22 10:12:40 br0212 su: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Oct 22 10:12:48 br0212 su: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Oct 22 10:13:04 br0212 su: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
My /etc/ldap.conf, with the commented lines removed, is as below:
Sorry for the confusion; actually .117 is the OpenLDAP server and .114 is the AD server. Earlier, for .117, similar messages were coming, but that was an issue with my network: from my client I was not able to reach .117 on port 389. After resolving that, my authentication with OpenLDAP is working fine.
Now I want to do the same with AD, but I am getting the above messages.
To get the dump, I have tried the tcpdump command on the client end [Cent-OS]. When I tried tcpdump, it does not show any messages. However, /var/log/messages gives:
Oct 22 11:04:18 br0212 nscd: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Oct 22 11:04:19 br0212 tcpdump: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Oct 22 11:04:19 br0212 tcpdump: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
Oct 22 11:04:19 br0212 tcpdump: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
Oct 22 11:04:20 br0212 tcpdump: nss_ldap: could not search LDAP server - Server is unavailable
Oct 22 11:04:20 br0212 kernel: device eth0 left promiscuous mode
Oct 22 11:04:21 br0212 kernel: device eth0 entered promiscuous mode
Oct 22 11:04:26 br0212 tcpdump: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Oct 22 11:04:30 br0212 tcpdump: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Oct 22 11:04:34 br0212 nscd: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
Oct 22 11:04:38 br0212 tcpdump: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Oct 22 11:04:54 br0212 tcpdump: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
LDAP on port 389: Wireshark will break it all down very nicely; you'll get more information about the LDAP queries than you thought existed in the first place. Unless you've got TLS running on it too, but that's probably not the case.
..........000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db0.0....B
I have observed two things:
1. For the su request it's not able to bind with AD, maybe because it's not getting the password.
2. The search query for su is with filter (&(objectclass=posixAccount)(uid=pradip))
So:
1. Need to pass a password for the Administrator bind.
2. Somehow AD users are not POSIX enabled, so I need to enable them.
Please comment on this if I am shooting in the wrong direction.
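The two causes identified above (an anonymous bind that AD refuses, and a posixAccount filter that plain AD accounts do not match) can be checked in /etc/ldap.conf before the client ever talks to the domain controller. The following is an added checker, not code from this thread, nss_ldap or authconfig; the sample ldap.conf is constructed, and the key names it assumes are the standard nss_ldap/pam_ldap ones (uri, base, ssl, binddn, bindpw, nss_base_passwd, pam_filter).

```python
"""Lint an nss_ldap/pam_ldap-style /etc/ldap.conf for the failure modes in this
thread. Constructed sample and checker; not part of nss_ldap or authconfig."""

# Constructed sample resembling an authconfig-generated ldap.conf that points
# at the AD server (.114) but has no bind credentials configured.
SAMPLE_LDAP_CONF = """\
# /etc/ldap.conf (constructed example)
uri ldap://10.55.199.114/
base dc=example,dc=local
ssl off
nss_base_passwd dc=example,dc=local?sub
pam_filter objectclass=posixAccount
"""


def parse_ldap_conf(text):
    """Parse 'key value' lines, skipping blank lines and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip()
    return conf


def check_ad_bind_config(conf):
    """Return findings explaining why lookups against AD would fail or be unsafe."""
    findings = []
    if "binddn" not in conf:
        findings.append("no binddn: nss_ldap binds anonymously, and AD answers "
                        "'a successful bind must be completed on the connection'")
    elif "bindpw" not in conf:
        findings.append("binddn without bindpw: simple bind cannot succeed")
    encrypted = (conf.get("ssl", "off").lower() in ("on", "yes", "start_tls")
                 or conf.get("uri", "").startswith("ldaps://"))
    if "bindpw" in conf and not encrypted:
        findings.append("bindpw sent over plain ldap://: the bind password "
                        "crosses the wire in cleartext")
    filters = " ".join(conf.get(k, "") for k in ("pam_filter", "nss_base_passwd"))
    if "posixaccount" in filters.lower():
        findings.append("filter requires objectclass=posixAccount: AD accounts "
                        "must carry POSIX (RFC 2307) attributes to match")
    return findings


def lint(text=SAMPLE_LDAP_CONF):
    """Parse and check one ldap.conf body; returns the list of findings."""
    return check_ad_bind_config(parse_ldap_conf(text))


if __name__ == "__main__":
    for finding in lint():
        print("-", finding)
```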