Re: Configuring RHEL servers to authenticate with Windows Server 2008Active Directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



My understanding is that they need to change it from the AD/Windows side.

> Hi all.
>
>
> I've got my RHEL-server to autenticate against Active Directory, and
> things
> are looking good. I have one small issue maybe someone here know how to
> fix:
> When a users password expires the user must be able to change it. Nomally
> a
> users would be allowed to log in based on the current password, be she
> would
> be promted for a new password following the login. In the current setup
> where my linux servers autheticate against AD, the users whose password
> have
> expired are simply locked out from the server. Is there a way to tune
> linux
> to allow login, but have the users change password on login?
>
>
> - Kenneth
>
>
> On Wed, Jan 27, 2010 at 2:39 PM, s u p e r n a u t
> <supernaut@xxxxxxx>wrote:
>
>> I've used this in the past to good effect with RHEL5.3 and W2K3.  I'm
>> sure
>> you'll have to make adjustments with W2K8, but it may be a good starting
>> point.
>>
>>
>> http://www.interopsystems.com/downloads/Native_LDAP_native_Kerberos_and_AD_services.pdf
>>
>>
>>
>> ----- Original Message ----- From: "Kenneth Holter"
>> <kenneho.ndu@xxxxxxxxx
>> >
>> To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
>> Sent: Wednesday, January 27, 2010 7:58 AM
>> Subject: Re: Configuring RHEL servers to authenticate with Windows
>> Server
>> 2008Active Directory
>>
>>
>>  Thanks for your reply.
>>>
>>> I would like the account and group information to be maintained in AD.
>>> Possibly later on we'll implement kerberos too.
>>>
>>>
>>> - Kenneth
>>>
>>> On Tue, Jan 26, 2010 at 5:32 PM, Marti, Robert <RJM002@xxxxxxxx> wrote:
>>>
>>>  If you just care about authentication and not accounts, I'd set up
>>>> kerberos
>>>> auth - much easier.  I have no experience setting up LDAP auth, sorry.
>>>>
>>>> Rob Marti
>>>> ________________________________________
>>>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx]
>>>> On
>>>> Behalf Of Kenneth Holter [kenneho.ndu@xxxxxxxxx]
>>>> Sent: Tuesday, January 26, 2010 10:17
>>>> To: redhat-list@xxxxxxxxxx
>>>> Subject: Configuring RHEL servers to authenticate with Windows Server
>>>> 2008
>>>>     Active Directory
>>>>
>>>> Hello all.
>>>>
>>>>
>>>> I'd like to set my RHEL 4 and 5 servers up to authenticate with our
>>>> Windows
>>>> server 2008 Active Directory. Using "authconfig --update --enableldap
>>>> --enableldapauth
>>>> --ldapserver=ldap.example.com--ldapbasedn=dn=example,dn=com"
>>>> and adding "binddn" and "bindpw" to the /etc/ldap.conf file, it looks
>>>> like
>>>> the linux box is connecting correctly to the AD server. But running
>>>> "getent
>>>> passwd <some-linux-user-defined-on-AD>" doesn't return any result.
>>>>
>>>> I'm suspecting that maybe it's my nss_ldap attribute mappings that are
>>>> not
>>>> correct. I have no attribute mapping defined, since I would think that
>>>> there
>>>> would be some default mappings that would work. Are there any default
>>>> mapping, and in case what are they? Or maybe "authconfig" set up these
>>>> mappings automatically? Any advice is appreciated.
>>>>
>>>> Best regards,
>>>> Kenneth Holter
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>>>  --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>>
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>


-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:

https://www.bubbanfriends.org/mailman/listinfo/site-update

or send a blank email message to:

site-update-subscribe@xxxxxxxxxxxxxxxxx

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux