Fedora DS, Kerberos, Active Directory - HOWTO?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Howard Wilkinson wrote:
> Richard,
>
> I am implementing the Fedora DS to provide data from other domains 
> than my AD. So I have other roots in the Directory Store already. I 
> also will be storing additional information for users in the DS to 
> support RADIUS and other applications. However our primary 
> authentication store is on Windows 2003 using the KDC. I have users 
> who have Kerberos tickets granted and can do GSSAPI exchanges with the 
> AD to retrieve LDAP results. The DS has a map which I believe should 
> take a Kerberos/GSSAPI identity and map it to a LDAP lookup. I have 
> arranged for users to be synchronised using the Windows Sync and am 
> trying to match on uid=<samAccountName>,OU=People,DC=example,DC=com 
> for the user.
>
> >From the debug logs I am not sure that the DS is doing the GSSAPI 
> look or executing the maps but I get permission denied response with 
> 'ldap_sasl_interactive_bind_s: Invalid credentials (49)' as the 
> primary message.
>
> I am not sure where to look next unless what I need to do is to add 
> some acl's for the users currently I just want to get LDAPSEARCH 
> working with Kerberos.
I presume you've seen 
http://directory.fedoraproject.org/wiki/Howto:Kerberos and 
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165

If it's still not working, then perhaps it's some sort of cross domain 
trust issue.
>
> Howard.
>
>
> -- 
>
> Howard Wilkinson
>
> 	
>
> Phone:
>
> 	
>
> +44(20)76907075
>
> Coherent Technology Limited
>
> 	
>
> Fax:
>
> 	
>
>  
>
> 23 Northampton Square,
>
> 	
>
> Mobile:
>
> 	
>
> +44(7980)639379
>
> United Kingdom, EC1V 0HL
>
> 	
>
> Email:
>
> 	
>
> howard at cohtech.com
>
>  
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070420/5e7f1854/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux