How to integrate AIX Client LPAR to make use of existing MS AD LDAP ?


 
# 1  
Old 12-12-2014

Hi All,

It's regarding LDAP in AIX.

We already have a Microsoft Active Directory (LDAP) server and would like to integrate my client AIX LPAR with this LDAP server, so that we can directly use Active Directory credentials to log in (instead of creating users on AIX).

From my AIX LPAR:

Code:
lslpp -L | grep -i ldap
  idsldap.clt32bit62.rte    6.2.0.16    C     F    Directory Server - 32 bit
  idsldap.clt64bit62.rte    6.2.0.16    C     F    Directory Server - 64 bit
  idsldap.cltbase62.adt     6.2.0.16    C     F    Directory Server - Base Client
  idsldap.cltbase62.rte     6.2.0.16    C     F    Directory Server - Base Client
  idsldap.cltjava62.rte     6.2.0.16    C     F    Directory Server - Java Client
  idsldap.ent62.rte          6.2.0.3    C     F    Directory Server - Entitlement
  idsldap.msg62.en_US       6.2.0.16    C     F    Directory Server - Messages -
  idsldap.srvbase64bit62.rte
  idsldap.srvproxy64bit62.rte
  idsldap.webadmin62.rte    6.2.0.16    C     F    Directory Server - Web


under /usr/lib/security
ls -ltr LDAP*
-r--r--r--    1 root     security     116702 Sep 16 2013  LDAP64
-r--r--r--    1 root     security     109810 Sep 16 2013  LDAP

Could you help me understand, or give some quick and dirty steps to implement LDAP in AIX?

Please provide your response.
# 2  
Old 12-12-2014
You need to install Kerberos (actually Kerberos 5), because the much-touted "Active Directory" is simply a kerberized LDAP-server (dumbed down to the same level of usefulness you know from other M$ products).

Notice that several user properties you might need are missing in an AD and you are likely not able to get these: because there is no "home directory"-property and no "default shell" (Windows-users are homeless and suffer shelllessness) you might need to still create the users at your system using AIX methods and can only use the LDAP domain for the authentication (read: password checks). Use the "krb5" security method in the user definition for this.

I hope this helps.

bakunin
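An added example, not part of bakunin's post and not IBM tooling: a small shell audit of the setup described above, where AD only checks the password and the account itself stays in AIX's local files. The stanza names `KRB5` and `KRB5files`, the `authonly` option, the module path and the users `jdoe` and `localadm` are assumptions modelled on the stanza layout of `/usr/lib/security/methods.cfg` and `/etc/security/user`; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread); stanza names and sample data are assumptions.

# stanza_attr FILE STANZA ATTR: print one attribute value from an AIX stanza file.
stanza_attr() {
  awk -v s="$2:" -v a="$3" '
    NF == 1 && $1 ~ /:$/ { cur = $1; next }    # stanza header such as "jdoe:"
    cur == s && $1 == a && $2 == "=" {         # "attr = value" inside that stanza
      sub(/^[^=]*=[ \t]*/, ""); gsub(/"/, ""); print; exit
    }' "$1"
}

# check_user METHODS_CFG USER_FILE USER: return 0 only if the user's SYSTEM is a
# compound module that keeps account data local (db=BUILTIN) and delegates the
# password check to a module that is restricted to authentication (authonly).
check_user() {
  sys=$(stanza_attr "$2" "$3" SYSTEM)
  opts=$(stanza_attr "$1" "$sys" options)
  case ",$opts," in
    *,db=BUILTIN,*) ;;
    *) echo "$3: SYSTEM=$sys is not a compound module with db=BUILTIN"; return 1 ;;
  esac
  auth=$(echo "$opts" | tr ',' '\n' | sed -n 's/^auth=//p')
  case ",$(stanza_attr "$1" "$auth" options)," in
    *,authonly,*) echo "$3: password checked by $auth, account data from local files" ;;
    *) echo "$3: $auth is not authonly"; return 1 ;;
  esac
}

demo_dir=$(mktemp -d)   # constructed sample files, not taken from a real system
cat > "$demo_dir/methods.cfg" <<'EOF'
* constructed sample; module names and path are assumed
KRB5:
        program = /usr/lib/security/KRB5
        options = authonly

KRB5files:
        options = db=BUILTIN,auth=KRB5
EOF
cat > "$demo_dir/user" <<'EOF'
jdoe:
        SYSTEM = "KRB5files"
        registry = KRB5files

localadm:
        SYSTEM = "compat"
EOF
check_user "$demo_dir/methods.cfg" "$demo_dir/user" jdoe
check_user "$demo_dir/methods.cfg" "$demo_dir/user" localadm || true
```

Accounts such as the constructed `localadm` that stay on `compat` keep working with local passwords if the domain controller is unreachable, which is why the audit reports them rather than treating them as errors to fix.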
# 3  
Old 12-15-2014
@bakunin

Thanks for your response and valuable input. I'm going to install Kerberos 5 on a test LPAR. Do you have any quick steps handy for setting this up (LDAP on AIX)?

Anyway, I will try to search for the online books/PDFs about this.

Thank you.
# 4  
Old 12-15-2014
# 5  
Old 12-15-2014
Notice that there was a Kerberos problem lately which was fixed by an efix. See this link and similar links for more detail and make sure you update to the latest level.

You might want to forego the efix if you operate from an internal network. Denial-of-Service type attacks are typically massively parallel and therefore unlikely to take place inside the LAN, so that you could wait for a regular update. Deploying efixes is a nasty thing to do and you have to undeploy them before you can resume normal update routines.

I hope this helps.

bakunin