hi,
i have followed the guide (http://www.linuxmail.info/acti…..e-sign-on/) and configured ldap and kerberos.
i'm running rhel 5.5 server and win2008r2 AD.
when running getent passwd i get only the users in the /etc/passwd file, and not domain users.
i have dns resolving, and i have manually added the computer account to the AD.
am i missing anything?
my files are:
/etc/ldap.conf
# /etc/ldap.conf - nss_ldap / pam_ldap client settings for lookups against the AD domain controller.
# NOTE(review): nss_ldap needs this file to be world-readable, so every local user can read the
# bindpw below. Prefer `rootbinddn` with the password in /etc/ldap.secret (root-only, mode 0600),
# and give the bind account read-only rights. The password as posted has been published on a
# public forum - treat it as compromised and rotate it.
uri ldap://vl-ads-01.ldap2008.com
base dc=ldap2008,dc=com
# `ssl no` on a plain ldap:// URI means the simple bind (binddn/bindpw) and every lookup cross the
# network in clear text; the bind password can be captured by anyone on the path. Use
# `ssl start_tls` (or an ldaps:// URI on 636) once the DC presents a certificate that the CA
# directory below can validate.
ssl no
tls_cacertdir /etc/openldap/cacerts
# `md5` is a local-hashing password-change mode; for changing passwords in AD, pam_ldap is
# normally configured with `pam_password ad` - verify against the pam_ldap docs for this version.
pam_password md5
# binddn is a bare account name, not a distinguished name. AD simple bind accepts a full DN, a UPN
# (ldap2008bindacc@ldap2008.com) or DOMAIN\user; whether a bare sAMAccountName is accepted should
# not be assumed. A failed bind leaves nss_ldap with nothing to return, which matches the reported
# symptom. Test the credentials outside NSS first, e.g.:
#   ldapsearch -x -H ldap://vl-ads-01.ldap2008.com -D '<binddn>' -W -b dc=ldap2008,dc=com '(objectClass=user)'
binddn ldap2008bindacc
bindpw P@ssword
# AD's classes are user/group; objectClass matching is case-insensitive, so these map as intended.
nss_map_objectclass posixAccount User
nss_map_objectclass posixGroup Group
# NOTE(review): the msSFU30* attributes belong to the Services for UNIX 3.x schema. On Windows
# 2008 R2 the "UNIX Attributes" tab (Identity Management for UNIX) populates the RFC 2307
# attributes (uidNumber, gidNumber, unixHomeDirectory, loginShell) - confirm with the ldapsearch
# above which attributes actually carry values. Entries whose mapped uidNumber is empty are
# dropped from getent output, so an unpopulated mapping looks exactly like "no domain users".
nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
/etc/krb5.conf:
# /etc/krb5.conf - MIT Kerberos client configuration for the LDAP2008.COM (AD) realm.
# NOTE(review): `getent passwd` goes through NSS (/etc/nsswitch.conf `passwd: files ldap`) and
# /etc/ldap.conf only; nothing in this file affects it. Kerberos matters for authentication
# (pam_krb5), not for user enumeration. Check `klist` / `kinit user@LDAP2008.COM` separately.
[logging]
# Only `default` is used on a client; the kdc/admin_server logs are written by a KDC, not here.
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = LDAP2008.COM
# Realm is taken from [domain_realm]; KDCs may be located via DNS SRV records, but the explicit
# kdc entry in [realms] below takes precedence for LDAP2008.COM.
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
# Forwardable TGTs let any service the user authenticates to receive a copy of their TGT - a
# deliberate trade-off for SSO; restrict it if hosts in this realm are not equally trusted.
# Same boolean as `forwardable = true` in the pam block below; krb5 accepts both spellings.
forwardable = yes
[realms]
LDAP2008.COM = {
kdc = vl-ads-01.ldap2008.com
admin_server = vl-ads-01.ldap2008.com
}
[domain_realm]
ldap2008.com = LDAP2008.COM
.ldap2008.com = LDAP2008.COM
[appdefaults]
# Settings read by pam_krb5. Lifetimes here are in seconds (36000 = 10h), unlike the
# 24h form used in [libdefaults]; pick one notation to avoid misreading.
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
# Kerberos 4 conversion is obsolete and ignored by current pam_krb5 builds; safe to drop.
krb4_convert = false
}
thanks
mordechai