
spangler 10-01-2013 09:10 AM

Trouble authenticating with Active Directory
 
I added my Oracle Linux 5 server to our Active Directory. It appears to have joined fine. I run wbinfo -g and see all the groups. I run wbinfo -u and see the users. When I try to log in using my AD account I get a "Permission denied, please try again" error. I look at /var/log/secure and see "Invalid user" errors and "Failed password for invalid user" errors. I know the user is valid and the password is good. The AD account is not locked.

Any suggestions would be appreciated.

Thanks

spike_white 10-01-2013 07:05 PM

It says in the wbinfo man page, not to use this for authentication. Only for querying.
It recommends ntlm_auth for authentication, but that's only a helper program that's called by another program.

So which PAM module are you using to do your AD authentication? pam_krb5? Quest Authentication Services (QAS)? Likewise? Centrify?

Spike

spangler 10-02-2013 08:20 AM

I was just using wbinfo to verify that it could see my user account. I believe I am using pam_krb5 for authentication.
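
Added example, not part of any post in this thread: sshd logs "Invalid user" when its account lookup (getpwnam via NSS) fails, regardless of the password, whereas "Failed password for <user>" without "invalid user" means the account resolved and the authentication step failed. The sketch below separates the two cases on constructed sample log lines and checks a constructed nsswitch.conf; it assumes winbind is the intended NSS source, and the user names, host name and addresses are made up.

```sh
#!/bin/sh
# Added example, not from the thread. Log lines and nsswitch.conf are constructed samples.

# nss  = sshd could not resolve the account (getpwnam failed)
# auth = account resolved, password step failed; none = no failure logged
classify_failure() {  # usage: classify_failure LOGFILE USER
    if grep -Fq "Invalid user $2 from " "$1"; then echo nss
    elif grep -Fq "Failed password for $2 from " "$1"; then echo auth
    else echo none
    fi
}

# Print the NSS sources configured for the passwd database.
passwd_sources() {  # usage: passwd_sources NSSWITCH_FILE
    awk '{ sub(/#.*/, "") } $1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

diagnose() {  # usage: diagnose LOGFILE NSSWITCH_FILE USER
    case $(classify_failure "$1" "$3") in
    nss)
        case " $(passwd_sources "$2") " in
        *" winbind "*) echo "winbind listed but lookup failed: run getent passwd $3" ;;
        *) echo "passwd line lacks winbind: sshd cannot resolve $3" ;;
        esac ;;
    auth) echo "account resolves: check the PAM auth stack" ;;
    *) echo "no sshd failure logged for $3" ;;
    esac
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/secure" <<'EOF'
Oct  1 09:05:12 ol5 sshd[4321]: Invalid user jdoe from 192.0.2.10
Oct  1 09:05:15 ol5 sshd[4321]: Failed password for invalid user jdoe from 192.0.2.10 port 51515 ssh2
Oct  1 09:07:40 ol5 sshd[4330]: Failed password for asmith from 192.0.2.10 port 51520 ssh2
EOF
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd:     files          # constructed: winbind missing
group:      files winbind
EOF

diagnose "$SAMPLE_DIR/secure" "$SAMPLE_DIR/nsswitch.conf" jdoe
diagnose "$SAMPLE_DIR/secure" "$SAMPLE_DIR/nsswitch.conf" asmith
```

On a live host, point the functions at /var/log/secure and /etc/nsswitch.conf; wbinfo -u queries winbindd directly, so it can list users even when the NSS lookup that sshd relies on does not return them.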

i2_infinity 02-08-2016 08:30 AM

Maybe you have to enable users trying to log in to the systems to land up in their home directories using the following command:

authconfig --enablemkhomedir --update

spike_white 02-09-2016 02:59 PM

You can use raw pam_ldap + pam_krb5 to enact AD integration with Linux. I have done this (even implemented SASL bindings) and it works. But it seems quite fragile. If you're a hobbyist, or on a shoe-string subject -- this is the way to go.

But if you're in charge of an enterprise env, I'd recommend going with one of the major players to do this: Centrify, Likewise or Quest (VAS).

They can handle cross-domain authentication, one-way trusts, cross-forest authentication from an untrusted domain and other complex scenarios. Also, they have the smart engineers on staff that know Kerberos inside and out.

Spike


All times are GMT -5.