Tuesday, 25 October 2011

RHEL5.6 issues with LDAP/KRB5 authentication

RHEL5.6 issues with LDAP/KRB5 authentication

So i have set up a RHEL5.6 VM as a basic system.

I have upgraded a Win2003 Server to 2003 RC2, and installed the Unix services on it.

Using system > Administration > Authentication from the desktop, I have configured LDAP under "User Information". I am not using TLS to encrypt, and set the ldap server as

On the "Authentication" tab i have Configured Kerberos. I have manually entered the Realm, KDC and Admin Servers. I have also ticked both boxes "Use DNS to resolve...."

If i run:
ldapsearch -x dubious -b "CN=Users,dc=domain,dc=com" -D "CNLDAPadmin,CN=Users,DC=domain,CN=com" -W I get loads of replies, then Size limit exceeded. As you would expect.

If i run kinit as LDAPadmin, put in the password, and then run klist, everything seems to be ok, as i get a token. I then used kdestroy to get rid of the token

I have edited /etc/ldap.conf and added:
binddn CN=LDAPAdmin,CN=Users,CN=domain,CN=com
bindpw password
nss_map_objectclass posixAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute homeDirectoy unixHomeDirectory

If i run "getent passwd" it returns users from Active Directory that have a UID associated in the "Unix Attributes" tab. I can also su to these users, and it creates the home directory,a dn when i run "id" i am getting the values that I inserted in ADS for GID and UID.

However i cannot SSH as the user, not log in at the desktop as the user. when i try to ssh as the user, it hangs for a few secs, then asks for the password. Once the password is entered, it hangs for a while (i am assuming until the timeout is reached) and then says Permission Denied.

[This is being done in a test network, that can be a little slow, so i wouldnt be too worried about the initial hang while it looks up the ssh user]

So from what I am seeing, to me it looks like the system is connecting to LDAP, but i have no idea where it is all going pear shaped......

No comments:

Post a Comment