Comments on: Complete Linux-AD Authentication Details http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/ The weblog of an IT pro specializing in virtualization, storage, and servers Wed, 08 Feb 2012 17:13:47 +0000 hourly 1 http://wordpress.org/?v= By: Linux-AD Integration, Version 4 - blog.scottlowe.org - The weblog of an IT pro specializing in virtualization, storage, and servers http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-52472 Linux-AD Integration, Version 4 - blog.scottlowe.org - The weblog of an IT pro specializing in virtualization, storage, and servers Fri, 13 Jan 2012 17:57:27 +0000 http://blog.scottlowe.org/?p=143#comment-52472 [...] are looking for information on using Linux with a previous version of Windows, please refer back to this article. The only significant changes in the process involve the mapping of the LDAP attributes; otherwise, [...] [...] are looking for information on using Linux with a previous version of Windows, please refer back to this article. The only significant changes in the process involve the mapping of the LDAP attributes; otherwise, [...]

]]> By: David http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-47784 David Thu, 01 Apr 2010 14:57:45 +0000 http://blog.scottlowe.org/?p=143#comment-47784 Thanks for the article. This comment is for hope that I can get some assistance with a problem I am having. Setup: Windows 2003 AD server. Ubuntu 9.10 server and tried to setup ldap and testing with getent and id I just setup a centos 5.4 server and used the authentication gui tools to connect to the ldap server. Problem is the ubuntu machine does not return any results from the AD using getent passwd, group or shadow and if it does its for local accounts and groups, shadow returns nothing. Centos returns data with getent shadow from the AD server but passwd and group doesn't return anything but local or group accounts. I noticed if I changed mappings in the ldap.conf file the getent shadow returned results or not based off what mappings I commented out. I uncommented the AD mapping sections as I don't have the SFU installed. My goal is to have this client machine authenticate a FTP user so that FTP user can write files which is protected with user/groups in the AD server. So I don't believe I need anything fancy, but I am just trying to get these results then I can take the next step. I followed your article among others on the internet and I am going nuts. Thanks. Any ideas? I have been searching for a while and on my 2nd day. Thanks for the article. This comment is for hope that I can get some assistance with a problem I am having.

Setup:
Windows 2003 AD server.
Ubuntu 9.10 server and tried to setup ldap and testing with getent and id
I just setup a centos 5.4 server and used the authentication gui tools to connect to the ldap server.

Problem is the ubuntu machine does not return any results from the AD using getent passwd, group or shadow and if it does its for local accounts and groups, shadow returns nothing. Centos returns data with getent shadow from the AD server but passwd and group doesn’t return anything but local or group accounts.

I noticed if I changed mappings in the ldap.conf file the getent shadow returned results or not based off what mappings I commented out. I uncommented the AD mapping sections as I don’t have the SFU installed.

My goal is to have this client machine authenticate a FTP user so that FTP user can write files which is protected with user/groups in the AD server. So I don’t believe I need anything fancy, but I am just trying to get these results then I can take the next step.

I followed your article among others on the internet and I am going nuts.

Thanks.

Any ideas? I have been searching for a while and on my 2nd day.

]]> By: Nisso Moyal http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-43834 Nisso Moyal Wed, 11 Mar 2009 16:53:49 +0000 http://blog.scottlowe.org/?p=143#comment-43834 Slowe, forgot to mention that I have 2008 AD installed, I'm going to test your method with ubuntu clients. I saw your article about the 2008 server so I'll use that and will let you know if i have any issues. Slowe,
forgot to mention that I have 2008 AD installed, I’m going to test your method with ubuntu clients. I saw your article about the 2008 server so I’ll use that and will let you know if i have any issues.

]]> By: slowe http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-43817 slowe Mon, 09 Mar 2009 18:14:06 +0000 http://blog.scottlowe.org/?p=143#comment-43817 Nisso, I don't think that the overhead of using LDAP is going to be all that much different from the overhead of using Winbind, but I don't have any objective data one way or another. And yes, it does work the way I describe above. Nisso,

I don’t think that the overhead of using LDAP is going to be all that much different from the overhead of using Winbind, but I don’t have any objective data one way or another.

And yes, it does work the way I describe above.

]]> By: Nisso Moyal http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-43815 Nisso Moyal Mon, 09 Mar 2009 17:06:16 +0000 http://blog.scottlowe.org/?p=143#comment-43815 I'm about to add 200 linux users to my domain and thought about the option you offer but I was worried about the overhead of ldap server. I ran into this article and thought using it through winbind http://technet.microsoft.com/en-us/magazine/2008.12.linux.aspx Does single sign on really work for you with the method that you described? I’m about to add 200 linux users to my domain and thought about the option you offer but I was worried about the overhead of ldap server.
I ran into this article and thought using it through winbind
http://technet.microsoft.com/en-us/magazine/2008.12.linux.aspx

Does single sign on really work for you with the method that you described?

]]> By: Linux-AD Integration, Version 4 « Junji’s Blog Site http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-40778 Linux-AD Integration, Version 4 « Junji’s Blog Site Wed, 20 Aug 2008 08:14:53 +0000 http://blog.scottlowe.org/?p=143#comment-40778 [...] are looking for information on using Linux with a previous version of Windows, please refer back to this article.  The only significant changes in the process involve the mapping of the LDAP attributes; [...] [...] are looking for information on using Linux with a previous version of Windows, please refer back to this article.  The only significant changes in the process involve the mapping of the LDAP attributes; [...]

]]> By: Deependra Singh Shekhawat http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-40171 Deependra Singh Shekhawat Sat, 26 Jul 2008 04:33:11 +0000 http://blog.scottlowe.org/?p=143#comment-40171 Hi, Very excellent tutorial. I was able to authenticate Linux machines from Active Directory on windows server 2003. Kerberos part really helped me alot. Will be reading your article regarding NFS mounts next. Again thanks alot. Hi,

Very excellent tutorial. I was able to authenticate Linux machines from Active Directory on windows server 2003.

Kerberos part really helped me alot.

Will be reading your article regarding NFS mounts next.

Again thanks alot.

]]> By: User http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-40065 User Tue, 15 Jul 2008 18:51:31 +0000 http://blog.scottlowe.org/?p=143#comment-40065 I have followed the instructions as above but without using SFU as post 3. However getent passwd username returns nothing. /etc/ldap.conf looks correct. Can you help? I have followed the instructions as above but without using SFU as post 3. However getent passwd username returns nothing. /etc/ldap.conf looks correct.

Can you help?

]]> By: slowe http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-39666 slowe Tue, 01 Jul 2008 21:48:54 +0000 http://blog.scottlowe.org/?p=143#comment-39666 Greg, Great point--adding a local user is a great way to help isolate some of the different components involved in this kind of integration project. This at least lets you determine if the problem is Kerberos, LDAP, PAM, or something else entirely. Thanks for reading! Greg,

Great point–adding a local user is a great way to help isolate some of the different components involved in this kind of integration project. This at least lets you determine if the problem is Kerberos, LDAP, PAM, or something else entirely.

Thanks for reading!

]]> By: Greg Kenoyer http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/comment-page-1/#comment-39660 Greg Kenoyer Tue, 01 Jul 2008 16:34:38 +0000 http://blog.scottlowe.org/?p=143#comment-39660 Ryan, While you may never come back to this page I thought I should just answer for future readers. I am also on this path and am trying to tie my AD to RHEL v5.1/2 workstations. I encountered the same issue (able to generate tickets but cannot logon). I was able to finally log on when I created (via adduser script) a local account that matched the AD account. I am still trying to get the username map and the winbind methods to work...but at least I know that the other 'stuff' is working. Ryan, While you may never come back to this page I thought I should just answer for future readers. I am also on this path and am trying to tie my AD to RHEL v5.1/2 workstations.
I encountered the same issue (able to generate tickets but cannot logon). I was able to finally log on when I created (via adduser script) a local account that matched the AD account. I am still trying to get the username map and the winbind methods to work…but at least I know that the other ‘stuff’ is working.

]]>