Talk:HOWTO Authenticate from Active Directory using OpenLDAP
From Gentoo Linux Wiki
I dropped winbind because it's unreliable, and LDAP is a better way to accomplish this task. The winbind stuff is still mentioned and some Samba stuff needs to be put elsewhere; the whole article probably has to be spliced into two or three pages. I'm putting in more Samba stuff as I get the network printers working.
Windows does have several GUIs to do this, and not all recognise the UNIX attributes. Use adsiedit. Possibly "Program Files\Support Tools\adsiedit.msc"
With mapkeytab I'm getting this:
 Targeting domain controller: domain.office.domain.com
 Using legacy password setting method
 Successfully mapped nssldap/krbcron_behemoth to krbcron_behemoth.
 Type the password for nssldap/krbcron_behemoth:
 Type the password again to confirm:
 WARNING: pType and account type do not match. This might cause problems.
 Key created.
 Output keytab to krbcron_behemoth.keytab:
 Keytab version: 0x502
 keysize 88 nssldap/krbcron_behemoth@OFFICE.DOMAIN.COM ptype 0 (KRB5_NT_UNKNOWN) vno 7 etype 0x17 (RC4-HMAC) keylength 16 (0xd1d4b6e70fe47a3ab40cd8548d4635ac)
{{{Signature}}}
In order to get the proper file the command in mapkeytab.bat should start with:
 ktpass -ptype KRB5_NT_PRINCIPAL -crypto DES-CBC-MD5
I don't know whether this makes any difference, so if it does not, edit this out.
When attempting to do the s_client -connect, I get this:
 behemoth marc # openssl s_client -connect domain.domain.com:636 -debug -CAfile /etc/ssl/certs/adcert.pem
 CONNECTED(00000003)
 write to 8006F578 [8006F5D0] (148 bytes => 148 (0x94))
 0000 - 80 92 01 03 01 00 69 00-00 00 20 00 00 39 00 00 ......i... ..9..
 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
 0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../.......
 0030 - 00 80 00 00 66 00 00 05-00 00 04 01 00 80 08 00 ....f...........
 0040 - 80 00 00 63 00 00 62 00-00 61 00 00 15 00 00 12 ...c..b..a......
 0050 - 00 00 09 06 00 40 00 00-65 00 00 64 00 00 60 00 .....@..e..d..`.
 0060 - 00 14 00 00 11 00 00 08-00 00 06 04 00 80 00 00 ................
 0070 - 03 02 00 80 12 43 a8 62-5e 6d e8 f9 ac 71 56 3e .....C.b^m...qV>
 0080 - 67 5b 32 9e b4 64 1c ee-d7 26 04 29 3e 02 f2 2e g[2..d...&.)>...
 0090 - 92 43 35 2c .C5,
 read from 8006F578 [80074B30] (7 bytes => 0 (0x0))
 21501:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
Any idea what's going wrong?
{{{Signature}}}
