RHEL6, Windows 2008, LDAP
I have Red Hat 5 playing nice as it authenticates against Windows Server 2008. But I ran into issues trying to get Red Hat 6 to do it as well.

Here is where I stand on my Red Hat 6 box: I have my certificates working between the Windows and the Red Hat box. From the root user I can su to an Active Directory user. getent works. I can see all the users' info. ldapsearch works with the CA certificate, so my SSL handshake is working. I do not suspect cert issues.

But when I try to log in as an Active Directory user on my Red Hat 6 box I get told I used an invalid password. The password works just fine on the Windows server, so I didn't fat-finger anything. I am just confused as to why I can have getent and ldapsearch working but cannot log in. I have turned off iptables on Red Hat and the firewall on the 2008 server to see if that would change the situation, but no luck. I noted that in Red Hat 6 I need to configure SSSD rather than NSCD.

Let me know if you need to see my:
ldap.conf
nsswitch.conf
sssd.conf
var messages
to provide further light and guidance on what I may be doing wrong or leaving out in my configurations.
|
Ensure Kerberos is configured and the server times are synced
|
I am also getting the password error. Did you manage to figure this out?
|
I have figured this out now. I had to add the relevant lines into /etc/pam.d/password-auth. I had only edited system-auth.
|
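The fix reported in the reply above (the lines were present in system-auth but not in password-auth) can be checked with a short script. This is an added example, not part of any poster's reply; the module name `pam_sss.so` and the function names are assumptions, since the thread only says "the relevant lines".

```shell
#!/bin/sh
# Added example (not from the thread): check that every PAM stack in both
# system-auth and password-auth references the directory module.
# Assumption: the module is pam_sss.so (SSSD); set MODULE=pam_ldap.so otherwise.
# Usage: source this file, then run check_pam_files.
MODULE="${MODULE:-pam_sss.so}"
PAM_DIR="${PAM_DIR:-/etc/pam.d}"

# Print the stack types in file $1 with no active line that loads module $2.
missing_stacks() {
    ms_out=""
    for ms_stack in auth account password session; do
        awk -v s="$ms_stack" -v m="$2" '
            { t = $1; sub(/^-/, "", t) }        # "-auth" marks an optional module
            t == s {                             # commented-out lines never match
                for (i = 3; i <= NF; i++) {      # module follows the control field(s)
                    n = split($i, p, "/")        # accept a full path to the .so
                    if (p[n] == m) found = 1
                }
            }
            END { exit !found }' "$1" || ms_out="${ms_out:+$ms_out }$ms_stack"
    done
    printf '%s\n' "$ms_out"
}

# Report on both files; non-zero return if either lacks the module in a stack.
check_pam_files() {
    cp_rc=0
    for cp_f in system-auth password-auth; do
        if [ ! -r "$PAM_DIR/$cp_f" ]; then
            echo "$cp_f: not readable"; cp_rc=1; continue
        fi
        cp_miss=$(missing_stacks "$PAM_DIR/$cp_f" "$MODULE")
        if [ -n "$cp_miss" ]; then
            echo "$cp_f: $MODULE missing from: $cp_miss"; cp_rc=1
        else
            echo "$cp_f: ok"
        fi
    done
    return $cp_rc
}
```

A file that lists the module in system-auth but reports `missing from: auth account password session` for password-auth matches the situation described in the reply above.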
Hi Hejemin,
I would dearly love to see your config files (minus sensitive bits of course), as I've been trying for two days to get this working and it's still not playing. I can get RHEL 5.x clients working with 2008 R2 Active Directory without any issues... but getting RHEL 6 to do it is killing me.

My first question is where does ldap.conf go? /etc or /etc/openldap?

Here are my relevant files:

/etc/ldap.conf
Code:
uri ldap://192.168.0.1/
Code:
BASE dc=child,dc=test,dc=ad
Code:
[logging]
Code:
#%PAM-1.0
Code:
passwd: files ldap

Time/date is synchronised with the domain controller, and all host names can be resolved without issue. I realise this thread is quite old, but any pointers would be greatly received :-)

Many thanks,
-Mark
|