Need assistance configuring LDAP authentication with Windows 2008 AD
I'm attempting to configure LDAP authentication on Red Hat Enterprise Linux 6.2 using SSSD with Windows Server 2008 Active Directory. At this point, I've read so many bits and pieces of this on various forums that my head's spinning. I don't know AD at all (other than what it does), and I've not configured an LDAP client before. What I really need is a step-by-step process or "cookbook", starting with the packages which must be installed, because I'm not convinced I have all of them.
Any and all info that forum participants can provide will be greatly appreciated.
Well, first things first... where are your POSIX details coming from? Without additional Unix schemas installed on AD, there isn't enough information on the AD to use as a Unix account server.
I configure LDAP on EL6 through /etc/nslcd.conf and /etc/pam_ldap.conf, not fussed about sssd personally.
I probably can't help too much, but I can get you off in the right direction, I think. LOL, ah well, here goes:
Have you added the Microsoft Identity Management for Unix Role Service to AD? If not, do so.
I joined Ubuntu to my AD domain 2008R2 Server using likewise-open using ADS security settings. I saw the ldap selection in the drop down of available authentication types but I did not use it, I selected ADS instead (Active Directory Services).
I don't use RH. I did try the following with Fedora 16 and it did not work out perfectly. I did also do the following with Ubuntu 10.04 LTS and it worked perfectly.
Installed likewise open and samba-winbind (apt-get in Ubuntu and yum in Fedora).
After that I used the likewise open shortcut I found in the administration menus of each OS, and from there it is pretty self-explanatory: plug in DC and REALM, select security type and click the join button. As I said, I never did get it working right on Fedora 16 (64 bit), but Ubuntu 10.04 LTS did it all seamlessly.
On the Windows 2008 server side, after you install Mgmnt for Srvs for unix, create a (global/security-defaults) group and use the group's properties sheet to configure the Unix attributes. You can also do the same for each Unix user you create. I am also just learning Windows 2008 Server. I have had some previous experience with 2ksrv and various versions of Linux.
I found it easier, being GUI driven, to find the GUID of the user on Ubuntu. I still haven't figured out how to find it on Fedora. I forgot how to do it and haven't had time to google it yet :-)
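
Both replies above come down to whether the AD entries carry POSIX attributes. As an added example (not from any poster in this thread), the shell function below reads LDIF, such as saved ldapsearch output, and lists the entries that lack them. It assumes the RFC 2307 attribute names uidNumber, gidNumber, unixHomeDirectory and loginShell; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Attribute names are the RFC 2307 ones;
# adjust REQUIRED_ATTRS if your directory maps them differently (assumption).
REQUIRED_ATTRS="uidNumber gidNumber unixHomeDirectory loginShell"
# Reads LDIF on stdin; prints "<dn><TAB><missing,attrs>" per incomplete entry.
missing_posix_attrs() {
    awk -v required="$REQUIRED_ATTRS" '
    function flush(   i, miss) {
        if (dn != "") {
            for (i = 1; i <= n; i++)
                if (!(tolower(req[i]) in seen)) miss = (miss == "" ? "" : miss ",") req[i]
            if (miss != "") printf "%s\t%s\n", dn, miss
        }
        dn = ""; last = ""; split("", seen)   # reset state for the next entry
    }
    BEGIN { n = split(required, req, " ") }
    /^#/ { next }                                           # LDIF comment
    /^ / { if (last == "dn") dn = dn substr($0, 2); next }  # folded line continues previous value
    /^$/ { flush(); next }                                  # blank line ends an entry
    {
        colon = index($0, ":")
        if (colon == 0) next
        last = tolower(substr($0, 1, colon - 1))            # attribute names are case-insensitive
        if (last == "dn") { dn = substr($0, colon + 1); sub(/^:? */, "", dn) }
        else seen[last] = 1
    }
    END { flush() }'
}

# Constructed sample data (example.test is a placeholder domain).
sample_ldif() {
cat <<'EOF'
dn: CN=Alice Example,CN=Users,DC=example,DC=test
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/alice
loginShell: /bin/bash

dn: CN=Bob Example,CN=Users,DC=example,DC=test
sAMAccountName: bob

dn: CN=Carol Example,CN=Users,DC=example,DC=test
description: constructed value folded across two lines
 loginShell: /bin/bash
uidNumber: 10002
gidNumber: 10000
unixHomeDirectory: /home/carol
EOF
}
```

Running `sample_ldif | missing_posix_attrs` reports Bob (no POSIX attributes at all) and Carol (the `loginShell` text is only a folded continuation of her description), while Alice's complete entry produces no output.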