To help make it easier to find the various Active Directory integration articles I’ve written, I’m including links below to the latest version of each article. As new versions of an article are published, I can simply update this link to point to the new version.
I’ve grouped the integration articles according to product below.
Linux
Latest version for Windows Server 2008 (“Longhorn”)
Latest version for Windows Server 2003 R2
Latest version for Windows 2000 Server and Windows Server 2003 (pre-R2)
SuSE Linux Enterprise Desktop (SLED)-specific version
Solaris 10
Latest version for Solaris 10 x86
Firewalls
Latest version for Cisco PIX VPN
Latest version for WatchGuard Firebox VPN
VMware ESX Server
Latest version for ESX Server 2.5.x
Latest version for ESX Server 3.0.x
OpenBSD
Latest version for OpenBSD 3.9
Networking Equipment and Protocols
As new articles are published or existing articles are revised with new versions, I’ll update this post accordingly.
Tags: ActiveDirectory, BSD, CentOS, Cisco, ESX, Interoperability, Kerberos, LDAP, Linux, Microsoft, Networking, Samba, Security, Solaris, VMware
-
Have you ever tried AD with AIX?
Thanks, Clif
-
Scott;
I currently use NIS and I need to get my Solaris 8, 9 & 10 machines to use AD for at least passwd, netgroup, group and my various automounter maps. At some point I would like to integrate my entire set of NIS maps, but the ones mentioned above are the most important.
I’ve seen, but have not tested, articles on setting up Solaris 9 and 10, but none for 8. My understanding of how PAM works is very limited, and I understand that PAM would play a major role here.
Can you, or someone else reading this, recommend what steps and software I would need to do this? Ideally, I would be talking to my AD server using either SSL or a like crypto solution.
Many thanks,
.vp
PS: I’ve looked at winbind and found that it would not work for ssh auth.
-
Wondering if anyone has run across either articles on integrating AD with a java app server (such as BEA’s WebLogic Server) via SPNEGO, or articles troubleshooting AD to non-MS application servers. I’ve got most of it worked out, but having issues with certain user IDs in AD not authenticating properly, even from the same client machine.
Thanks!
Rob
-
I am looking for a setup as follows:
DNS – Runs on Linux
ADS – Windows 2000 or Windows 2003 – Pointing to Linux DNS (BIND 9)
Radius Authentication for Admins to access PIX and other network resources including Servers. Could you please guide me, if you have any resources?
Many thanks,
Suresh
-
We’re having some real goofy experiences with the Unix Identity Management components of R2 within our network…
Situation: we’re running an SBS 2003 R2 domain with a member server (also a DC) that is Server 2003 x64 R2. The member server has Unix Id Management installed on it. Also installed on the primary DC (ie: SBS server) is the IDMU.EXE as described in ( http://support.microsoft.com/kb/921913 ) to ensure all the properties tabs are there (they are).
When we query the 2003 ldap database for unix attributes, they can only be seen if the user whose attributes we want to access is the one accessing LDAP, for example on the “Unix Attributes” tab we have setup information for home directories, uid, etc… on a user called test. If we use a LDAP browser and bind using the test user we can see the attributes, but if we bind using a generic user (as anticipated in just about every how-to we’ve come across), the unix attributes cannot be seen.
All of the recommendations for accessing unix attributes through LDAP, create a proxy user to access the attributes for authorization purposes, but if this proxy user cannot see the attributes, then obviously something is not working.
Any insight on how the permissions are supposed to be setup within AD to ensure LDAP bindings are successful??
Thanks!
-
I previously had an apache server configured to authenticate against AD using a service account. Everything worked fine, until the primary DC tanked one day. The failover did not work and when the primary DC was brought up, the ldap auth did not work any more. Upon investigation, the SPN (as viewed in adsiedit.msc) had duplicate entries, so I deleted them, thinking that ktpass would regenerate the mapping. HOWEVER:
ktpass.exe -princ [email protected] -mapuser service.svc -crypto des-cbc-md5 +DesOnly -pass password -kvno 19 -ptype KRB5_NT_PRINCIPAL -out keytab.keytab
Targeting domain controller: domaincontroller.domain.com
Failed to set property "servicePrincipalName" to "boxname.domain.com" on Dn "CN=service.svc,OU=ServiceAccounts,DC=Domain1,DC=Domain2,DC=com": 0x13.
WARNING: Unable to set SPN mapping data.
If service.svc already has an SPN mapping installed for boxname.domain.com, this is no cause for concern.
Key created.
Output keytab to keytab.keytab:
Keytab version: 0x502
keysize 75 [email protected] ptype 1 (KRB5_NT_PRINCIPAL) vno 19 etype 0x3 (DES-CBC-MD5)
keylength 8 (0x19624394c2434fb5)
Account service.svc has been set for DES-only encryption.
So, question: what is my best course of action from this point?
thanks
-
Hi, I need to set up Active Directory via PAM on AIX 5.2. Any idea? Tks
-
Hi,
I have a server running Red Hat Enterprise Linux ES release 4 (Nahant Update 6). We have LDAP configured on it. Here are several problems that we have encountered, and I’m wondering if anyone else has seen them:
1. Doing the following causes a segmentation fault.
# getent -s 'dns ldap' passwd
Segmentation fault
2. Using sudo gets the following error:
# sudo getent passwd
Password:
sudo: ../../../libraries/liblber/sockbuf.c:90: ber_sockbuf_ctrl: Assertion `sb != ((void *)0)' failed.
Aborted
Any comments are appreciated.
regards,
Kathy
-
Have you tried AD auth with OSX? What I am specifically looking for is auto-binding a mac system to AD like you can a windows system via a script.
Thoughts?


