Thread: Linux AD Integration

  1. #1
    Junior Member

    Question Linux AD Integration

    Hello folks,


    I only need centralized authentication via M$ AD, and I am trying to configure nss-ldap on my Debian box, but syslog always shows these messages:

    Code:
    Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
    Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
    Jul 18 15:58:01 debox nscd: nss_ldap: reconnecting to LDAP server...
    Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
    Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
    Jul 18 15:58:01 debox nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
    Jul 18 15:58:02 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
    Jul 18 15:58:02 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
    Jul 18 15:58:02 debox nscd: nss_ldap: could not search LDAP server - Server is unavailable
    Jul 18 15:58:02 debox sshd[16767]: Invalid user boqor from x.x.x.x

    But I can get answers from the ldapsearch command:

    Code:
    ldapsearch -x -W -D "cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld"|grep sAMAccountName
    Enter LDAP Password:
    
    sAMAccountName: Administrator
    sAMAccountName: Guest
    sAMAccountName: boqor
    .
    .
    .

    My config files;

    ldap.conf
    Code:
    host    192.168.0.5
    BASE    dc=ad,dc=domain,dc=tld
    URI     ldap://192.168.0.5/
    binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
    bindpw  pazzword
    scope sub
    ssl no

    libnss-ldap.conf
    Code:
    host    192.168.0.5
    BASE    dc=ad,dc=domain,dc=tld
    URI     ldap://192.168.0.5/
    binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
    bindpw  pazzword
    ldap_version 3
    rootbinddn cn=Administrator,cn=User,dc=ad,dc=domain,dc=tld

    libnss-ldap.secret
    Code:
    pazzword

    nsswitch.conf
    Code:
    passwd: compat ldap
    shadow: compat ldap
    group: compat ldap
    
    hosts:          files dns
    networks:       files
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    netgroup:       nis

    nss-ldapd.conf
    Code:
    host    192.168.0.5
    BASE    dc=ad,dc=domain,dc=tld
    URI     ldap://192.168.0.5/
    binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
    bindpw  pazzword
    scope sub
    timelimit 30

    Can anybody help me? How can I debug nss-ldap?
    M$ logs are not readable or helpful.
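
An added example, not part of the original post: a small shell lint for the nss_ldap files quoted above. It compares `binddn` and `rootbinddn` (the DN nss_ldap binds with when the caller runs as root) against the DN that worked with `ldapsearch`, and flags a world-readable `bindpw` and an unencrypted simple bind. The function names and finding labels are made up for this example.

```shell
#!/bin/sh
# get_key FILE KEY: print the lowercased value of the first "KEY value" line.
get_key() {
    awk -v k="$2" 'tolower($1) == tolower(k) {
        $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit }' "$1"
}

# lint_nss_ldap FILE KNOWN_GOOD_DN: print one finding per line (hypothetical labels).
lint_nss_ldap() {
    f=$1
    ref=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    for key in binddn rootbinddn; do
        dn=$(get_key "$f" "$key")
        # A DN that differs from the one proven to work is a likely bind failure.
        if [ -n "$dn" ] && [ "$dn" != "$ref" ]; then
            echo "DN_MISMATCH $key $dn"
        fi
        # NSS lookups only need read access; a domain admin DN is excessive.
        case $dn in cn=administrator,*) echo "PRIVILEGED_BIND $key" ;; esac
    done
    # bindpw stored in a file that "other" can read exposes the password locally.
    if [ -n "$(get_key "$f" bindpw)" ] && [ -n "$(find "$f" -perm -004)" ]; then
        echo "BINDPW_WORLD_READABLE"
    fi
    # A simple bind over ldap:// without TLS sends the password unencrypted.
    case $(get_key "$f" uri) in
        ldap://*)
            case $(get_key "$f" ssl) in
                start_tls|on) ;;
                *) echo "PLAINTEXT_BIND" ;;
            esac ;;
    esac
    return 0
}

# Sample input: the libnss-ldap.conf lines quoted in the post, written to a temp file.
run_demo() {
    conf=$(mktemp)
    printf '%s\n' 'host    192.168.0.5' 'BASE    dc=ad,dc=domain,dc=tld' \
        'URI     ldap://192.168.0.5/' \
        'binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld' \
        'bindpw  pazzword' 'ldap_version 3' \
        'rootbinddn cn=Administrator,cn=User,dc=ad,dc=domain,dc=tld' > "$conf"
    chmod 644 "$conf"   # mode assumed for the demo
    lint_nss_ldap "$conf" "cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld"
    rm -f "$conf"
}
run_demo
```
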

  2. #2
    ananth_ak

    For AD integration, you can use Kerberos.

    Run: authconfig-tui

    Enable Kerberos for authentication then on the next screen enter your Kerberos realm, KDC and admin servers info:

    REALM= DOMAIN.LOCAL
    KDC=pdc.domain.local:88
    ADMIN SERVER=pcd.domain.local:749

    Saving these changes will write the required global settings in /etc/samba/smb.conf for AD authentication.

    Restart samba then join the domain: net ads join -UAdministrator (your windows domain admin account)

  3. #3
    Senior Member

    Not a solution but want to share what we did in our company..

    I feel the simplest way to integrate a Linux box with AD is to use Winbind (Samba). Let me know if you require steps for implementing AD-Linux.
    Last edited by kumarat9pm; 19th July 2010 at 09:58 AM.
    Thanks,
    Surendra Kumar Anne
    Linux: Fast, friendly, flexible and .... free!
    Support Open source.
    http://www.linuxnix.com

  4. #4
    rockdalinux

    This Howto describes how to add an Ubuntu box to an Active Directory domain and to authenticate the users with AD. It also works with Debian since Ubuntu is based upon Debian.
    Rocky Jr.
    What's wrong? I hope I am not making you uncomfortable...

    Never send a boy to do a mans job.
