Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have some linux clients connected to a MS domain controller. And I need to get certificates autoenrolled for them from Microsoft Active Directory Certificate Services. Is there a linux tool that I can use to get this thing done?
Currently AD authentication for Linux hosts is done through a third party tool.
Hi,
I have some linux clients connected to a MS domain controller. And I need to get certificates autoenrolled for them from Microsoft Active Directory Certificate Services. Is there a linux tool that I can use to get this thing done?
Currently AD authentication for Linux hosts is done through a third party tool.
You don't tell us what version/distro of Linux, what version of Windows is on the DC, or what "third party tool" you're using, so we have no idea what you've got to work with, what you've done/tried, or what error(s) you get. So, there's little we can tell you, unless you provide details.
From what I've read, you may be able to use LDAP to do this, but if you're using Microsoft, have you asked their tech-support folks?
Hi,
I have Microsoft Active Directory running on Windows server 2008 R2. And my certificate services also running on Windows server 2008 R2. The linux distributions that are connected to the AD is RedHat Enterprise Linux (RHEL 6.0 and 5.5) and Suse Linux Enterprise Server (SLES 11 and 10). The AD authentication for the linux clients is done through Quest software Authentication Services.
I have tested the possibilities of using SCEP protocol for this scenario. What I tested is SSCEP. Since SCEP is by design for issue certificates for the network devices, Microsoft SCEP service does not perform a domain authentication prior to issuing a certificate. I need to perform a domain authentication prior to issuing a certificate.
Any help or hint on this scenario is highly appreciated.
Hi,
I have Microsoft Active Directory running on Windows server 2008 R2. And my certificate services also running on Windows server 2008 R2. The linux distributions that are connected to the AD is RedHat Enterprise Linux (RHEL 6.0 and 5.5) and Suse Linux Enterprise Server (SLES 11 and 10). The AD authentication for the linux clients is done through Quest software Authentication Services.
I have tested the possibilities of using SCEP protocol for this scenario. What I tested is SSCEP. Since SCEP is by design for issue certificates for the network devices, Microsoft SCEP service does not perform a domain authentication prior to issuing a certificate. I need to perform a domain authentication prior to issuing a certificate.
Well, since you're in an environment that's vendor-supported, I'll again suggest contacting your vendors. Microsoft, RedHat, and Novell, in this case, since you're using pay-for products from each of them.
You mention the SCEP software, which you know won't do what you want. Again, LDAP can be used in this situation, from what I've read, but I've not actually done it, which is why contacting Microsoft will be a good idea. They'll be able to tell you where certificates are, how to generate them, etc.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.