acid_kewpie n00b
Joined: 14 Apr 2003 Posts: 39
Posted: Fri Jun 09, 2006 9:15 pm Post subject: Authenticating against Active Directory
Hi,
I've read a dozen near-identical guides on Active Directory integration to perform LDAP authentication and am not able to get things playing nicely.
My ldap.conf looks like this:
Code:
host 10.224.2.21
base OU=Admins,OU=GB,dc=example,dc=net
binddn CN=ldapviewer,ou=Service Accounts,ou=Admins,ou=GB,dc=example,dc=net
bindpw password
scope sub
pam_login_attribute sAMAccountName
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember member
nss_map_attribute cn sAMAccountName
pam_filter objectclass=User
pam_password md5
nss_base_passwd OU=Admins,OU=GB,dc=example,dc=net?sub
nss_base_shadow OU=Admins,OU=GB,dc=example,dc=net?sub
nss_base_group OU=Admins,OU=GB,dc=example,dc=net?sub
ssl no

Now I can do ldapsearch stuff no problem and have nsswitch.conf set up to look towards ldap for group, passwd and shadow, but using getent I can only get details back for shadow, which obviously isn't enough to log in. A getent does pull the right(ish) data out of AD (from a tcpdump I can see it) but it gets dumped somewhere and forgotten about. Now I don't have SFU installed on the AD server, and never will do, so I know in the example that the homeDirectory value there is wrong, but setting it to other nominal values like sAMAccountName or something I still get nothing.
Actually logging in through PAM, I see a successful bind and search and then a request to bind via the login name (which I assume is all that is done for the real LDAP auth) and I see that it is not sending across my password but instead Ethereal tells me the password is apparently "\r\n\l\INCORRECT", which obviously suggests that pam_ldap already knows something's wrong, but I can't find any way to add a debug or something.
Any clues, guys?
Cheers
Chris
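As an added check that is not part of the thread (not the poster's code, and not part of nss_ldap or pam_ldap), the script below lints the ldap.conf shown above. It parses the `key value` lines, then reports the one thing that explains the "shadow works, passwd is empty" symptom: nss_ldap discards a passwd entry whose `uidNumber` or `gidNumber` cannot be read, and a stock AD schema without SFU / RFC 2307 has no such attributes, so `getent passwd` returns nothing while `getent shadow` (which only needs `uid`) succeeds. It also flags the transport and credential settings a reviewer would raise: `ssl no` puts the bind password on the wire in clear, `bindpw` in a world-readable file, and `pam_password md5` instead of `pam_password ad`. The function names, the `SFU_ONLY_ATTRS` table and the sample config (bind password replaced with a placeholder) are this example's own assumptions.

```python
"""Lint an nss_ldap/pam_ldap ldap.conf aimed at Active Directory (added example)."""

# Constructed sample: the poster's ldap.conf with the bind password replaced.
SAMPLE_LDAP_CONF = """\
host 10.224.2.21
base OU=Admins,OU=GB,dc=example,dc=net
binddn CN=ldapviewer,ou=Service Accounts,ou=Admins,ou=GB,dc=example,dc=net
bindpw <bind-password-placeholder>
scope sub
pam_login_attribute sAMAccountName
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember member
nss_map_attribute cn sAMAccountName
pam_filter objectclass=User
pam_password md5
ssl no
"""

# nss_ldap drops a passwd entry when uidNumber or gidNumber cannot be read;
# homeDirectory, loginShell and gecos merely fall back to an empty default.
REQUIRED_PASSWD_ATTRS = ("uidNumber", "gidNumber")

# Constructed table: RFC 2307 names that only exist in AD once the SFU /
# Identity Management for UNIX extension is installed and populated.
SFU_ONLY_ATTRS = {"uidNumber", "gidNumber", "loginShell", "gecos", "homeDirectory"}


def parse_ldap_conf(text):
    """Return (settings, attribute map, objectclass map) from ldap.conf text."""
    settings, attr_map, class_map = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Only the first space separates key from value, so DNs with spaces survive.
        key, _, rest = line.partition(" ")
        key, rest = key.lower(), rest.strip()
        if key in ("nss_map_attribute", "nss_map_objectclass"):
            rfc_name, _, ad_name = rest.partition(" ")
            target = attr_map if key == "nss_map_attribute" else class_map
            target[rfc_name] = ad_name.strip()
        else:
            settings[key] = rest
    return settings, attr_map, class_map


def check_ldap_conf(text):
    """Return a list of (code, message) findings; an empty list means nothing flagged."""
    settings, attr_map, _ = parse_ldap_conf(text)
    findings = []
    for attr in REQUIRED_PASSWD_ATTRS:
        mapped = attr_map.get(attr, attr)  # unmapped names keep their RFC 2307 name
        if mapped in SFU_ONLY_ATTRS or mapped.lower().startswith("mssfu"):
            findings.append(("MISSING_POSIX_ATTR",
                f"passwd needs {attr} (read from {mapped}); stock AD without SFU has "
                "no such value, so nss_ldap discards the entry and getent passwd is empty"))
    if settings.get("ssl", "no").lower() == "no":
        findings.append(("CLEARTEXT_BIND",
            "ssl no: simple binds send the service-account and user passwords in clear; "
            "use 'ssl start_tls' (or 'ssl on' for LDAPS) with tls_cacertfile"))
    if "bindpw" in settings:
        findings.append(("BINDPW_IN_FILE",
            "bindpw in ldap.conf: the file is normally world-readable; keep the "
            "secret in /etc/ldap.secret (mode 0600) via rootbinddn instead"))
    if settings.get("pam_password", "").lower() != "ad":
        findings.append(("PAM_PASSWORD_AD",
            "pam_password md5 is a POSIX-LDAP hashing scheme; AD password changes "
            "need 'pam_password ad' over TLS"))
    return findings


def finding_codes(text):
    """Just the finding codes, in report order (handy for scripting and tests)."""
    return [code for code, _ in check_ldap_conf(text)]


if __name__ == "__main__":
    for code, msg in check_ldap_conf(SAMPLE_LDAP_CONF):
        print(f"[{code}] {msg}")
```

Run against the sample it prints two MISSING_POSIX_ATTR lines (one each for `uidNumber` and `gidNumber`) followed by the three hardening findings; a config that maps both required attributes to attributes the directory actually populates, uses `ssl start_tls`, `rootbinddn` and `pam_password ad` reports nothing.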