Re: [OpenIndiana-discuss] AD Authentication and Samba 4 Active Directory

Predrag Zecevic [Unix Systems Administrator] Tue, 16 Sep 2014 23:32:21 -0700

Hi Martin,

I guess that LDAP/Kerberos authentication depends on PAM setup, so take a look 
(me, personally never used it on OI as server).


HTH,
Regards
Predrag Zečević

On 09/16/14 11:44 PM, Andrew Martin wrote:

Hello,

I have been attempting to follow this guide for setting up Active Directory
authentication on OpenIndiana using LDAP+Kerberos:
http://wiki.openindiana.org/oi/Kerberos+and+LDAP

Note that this connecting to a Samba 4 Active Directory server.

I am able to successfully view AD users via "getent passwd" and other tools that
utilize the nsswitch hooks, however AD users are unable to login to the
OpenIndiana server. I have read in a few places that the unixUserPassword field
may be used for this purpose, however the above guide specifically instructs you
to disable the "Password Sync" Windows component. Here's some more information
on this field:
http://blogs.technet.com/b/sfu/archive/2010/01/08/using-unixuserpassword-attribute-properly.aspx

How does the LDAP+Kerberos method authenticate a user's password? What else can
I do to debug this setup? I do not see any authentication errors in /var/log.

Thanks,

Andrew Martin

_______________________________________________
openindiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss


--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    [email protected]

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                      65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---

"Necessity is the mother of invention" is a silly proverb. "Necessity is the mother of futile dodges" is much nearer the truth. --Alfred North Whitehead


_______________________________________________
openindiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] AD Authentication and Samba 4 Active Directory

Reply via email to