Re: Configuring RHEL servers to authenticate with Windows Server 2008Active Directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi
did you check gruop policy object and computer on W2k8.

On Mon, Apr 19, 2010 at 7:46 AM, Kenneth Holter <kenneho.ndu@xxxxxxxxx>wrote:

> Hi all.
>
>
> I've got my RHEL-server to autenticate against Active Directory, and things
> are looking good. I have one small issue maybe someone here know how to
> fix:
> When a users password expires the user must be able to change it. Nomally a
> users would be allowed to log in based on the current password, be she
> would
> be promted for a new password following the login. In the current setup
> where my linux servers autheticate against AD, the users whose password
> have
> expired are simply locked out from the server. Is there a way to tune linux
> to allow login, but have the users change password on login?
>
>
> - Kenneth
>
>
> On Wed, Jan 27, 2010 at 2:39 PM, s u p e r n a u t <supernaut@xxxxxxx
> >wrote:
>
> > I've used this in the past to good effect with RHEL5.3 and W2K3.  I'm
> sure
> > you'll have to make adjustments with W2K8, but it may be a good starting
> > point.
> >
> >
> >
> http://www.interopsystems.com/downloads/Native_LDAP_native_Kerberos_and_AD_services.pdf
> >
> >
> >
> > ----- Original Message ----- From: "Kenneth Holter" <
> kenneho.ndu@xxxxxxxxx
> > >
> > To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
> > Sent: Wednesday, January 27, 2010 7:58 AM
> > Subject: Re: Configuring RHEL servers to authenticate with Windows Server
> > 2008Active Directory
> >
> >
> >  Thanks for your reply.
> >>
> >> I would like the account and group information to be maintained in AD.
> >> Possibly later on we'll implement kerberos too.
> >>
> >>
> >> - Kenneth
> >>
> >> On Tue, Jan 26, 2010 at 5:32 PM, Marti, Robert <RJM002@xxxxxxxx> wrote:
> >>
> >>  If you just care about authentication and not accounts, I'd set up
> >>> kerberos
> >>> auth - much easier.  I have no experience setting up LDAP auth, sorry.
> >>>
> >>> Rob Marti
> >>> ________________________________________
> >>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx]
> On
> >>> Behalf Of Kenneth Holter [kenneho.ndu@xxxxxxxxx]
> >>> Sent: Tuesday, January 26, 2010 10:17
> >>> To: redhat-list@xxxxxxxxxx
> >>> Subject: Configuring RHEL servers to authenticate with Windows Server
> >>> 2008
> >>>     Active Directory
> >>>
> >>> Hello all.
> >>>
> >>>
> >>> I'd like to set my RHEL 4 and 5 servers up to authenticate with our
> >>> Windows
> >>> server 2008 Active Directory. Using "authconfig --update --enableldap
> >>> --enableldapauth
> >>> --ldapserver=ldap.example.com--ldapbasedn=dn=example,dn=com"
> >>> and adding "binddn" and "bindpw" to the /etc/ldap.conf file, it looks
> >>> like
> >>> the linux box is connecting correctly to the AD server. But running
> >>> "getent
> >>> passwd <some-linux-user-defined-on-AD>" doesn't return any result.
> >>>
> >>> I'm suspecting that maybe it's my nss_ldap attribute mappings that are
> >>> not
> >>> correct. I have no attribute mapping defined, since I would think that
> >>> there
> >>> would be some default mappings that would work. Are there any default
> >>> mapping, and in case what are they? Or maybe "authconfig" set up these
> >>> mappings automatically? Any advice is appreciated.
> >>>
> >>> Best regards,
> >>> Kenneth Holter
> >>> --
> >>> redhat-list mailing list
> >>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> >>> https://www.redhat.com/mailman/listinfo/redhat-list
> >>>
> >>> --
> >>> redhat-list mailing list
> >>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> >>> https://www.redhat.com/mailman/listinfo/redhat-list
> >>>
> >>>  --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >>
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux