Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Integrate RHEL with Active Directory
Special Forums Windows & DOS: Issues & Discussions Integrate RHEL with Active Directory Post 302884068 by gull04 on Friday 17th of January 2014 10:14:08 AM
Old 01-17-2014
Hi Stuart,

It's working against the AD for all of it's stuff, possibly better if I incorporate the sssd,conf file here.

We are running a very similar setup to yours, with an 18 node cluster using GFS at the back end with automount for home directories etc.

Code:
[15:06 sc386dm@ekbvcad301 data] > cat orig.sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = XXXXXXXXXXXXX

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3
#ldap_schema = rfc2307bis
ldap_schema = rfc2307
ldap_user_search_base = cn=Users,dc=xxx,dc=xxxxx,dc=com
ldap_group_search_base = cn=Users,dc=xxx,dc=xxxxx,dc=com
ldap_default_bind_dn = cn=admintest,cn=Users,dc=xxx,dc=xxxxx,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = XXXXXXXX
ldap_force_upper_case_realm = True

[domain/EKB.ATMEL.COM]
description = LDAP auth to AD2003
min_id = 100
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://kdc1.xxx.xxxxx.com
ldap_schema = rfc2307bis
ldap_search_base = cn=Users,dc=xxx,dc=xxxxx,dc=com
ldap_default_bind_dn = cn=admintest,cn=Users,dc=xxx,dc=xxxxx,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = XXXXXXXX
ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_home_directory = unixHomeDirectory
ldap_user_gecos = displayName
enumerate = true
chpass_provider = krb5
auth_provider = krb5
krb5_kdcip = 10.143.253.183
krb5_realm = XXX.XXXXX.COM
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15

#cache_credentials = True
#ldap_id_use_start_tls = False
debug_level = 9
krb5_kpasswd = kdc1.xxx.xxxxx.com:749
#ldap_search_base = cn=Users,dc=xxx,dc=xxxxx,dc=com
#krb5_realm = XXX.XXXXX.COM
#chpass_provider = krb5
#krb5_kdcip = kdc1.xxx.xxxxx.com:88
#ldap_tls_cacertdir = /etc/openldap/cacerts
[15:10 sc386dm@ekbvcad301 data] >

Anywhere you see 'x' or 'X' you'll have to substitute your own stuff - I have to leave now - but will check back when I get home (5 Hours).

Regards

Gull04
 

7 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

unix and active directory

Hi Does anybody know the steps and requirements of the installation process of Windows Active Directory using Unix/Linux Bind DNS. I will appreciate if somebody gives the answer. (1 Reply)
Discussion started by: Darwin Rodrigue
1 Replies

2. UNIX for Dummies Questions & Answers

Active Directory and UNIX

Hello - I have a very vague question, which will probably result in vague answers because I don't have a lot of detailed information and I don't know a whole lot about active directory. Our Windows/NT admin has been rolling out Active Directory over the past several weeks and as time goes on,... (1 Reply)
Discussion started by: rm -r *
1 Replies

3. UNIX for Dummies Questions & Answers

setup active directory

i would like to ask about unix with active directory..actually my situation is at ny place there already have dns server in unix based,i want to implement an active directory to the network..from what i read about active directory we have to used bind dns...some say that bind could not handle in... (1 Reply)
Discussion started by: nour
1 Replies

4. HP-UX

HP-UX authenticating to Active Directory

Hey, I've asked questions about this project here before and gotten lots of help so I figured I'd give it another try. I've recently set up my HP-UX environment to authenticate to a Windows Active Directory server (Windows Server 2003 R2). I setup an account on Active Directory which works... (2 Replies)
Discussion started by: Rike255
2 Replies

5. Red Hat

ldap and active directory

Hi Friends, I need your help to get some solution of one of my problem. Ours is a mixed domain. Most of the servers are windows and very little linux servers. We are using the MS AD for authentication. My problem is, I want to authenticate linux servers against AD. I donot want to use any... (1 Reply)
Discussion started by: arumon
1 Replies

6. UNIX for Advanced & Expert Users

Active Directory with 6.1

Is there anyone who is utilizing Active Directory (2008R2) for AIX user account management? If yes or if AD is possible with AIX systems, can you please share what to be done to get there? Please advise. (1 Reply)
Discussion started by: Daniel Gate
1 Replies

7. UNIX for Beginners Questions & Answers

Active Directory OR LDAP

Hi, How can we check users added through LDAP or AD. Users added through a group of AD or LDAP group. (2 Replies)
Discussion started by: Nishit
2 Replies

LEARN ABOUT LINUX

pure-authd

pure-authd(8)							     Pure-FTPd							     pure-authd(8)

NAME

       pure-authd - External authentication agent for Pure-FTPd.

SYNTAX

       pure-authd [-p </path/to/pidfile>] [-u uid] [-g gid] [-B] <-s /path/to/socket> -r /program/to/run

DESCRIPTION

       pure-authd is a daemon that forks an authentication program, waits for an authentication reply, and feed them to an application server.

       pure-authd listens to a local Unix socket. A new connection to that socket should feed pure-authd the following structure :

	      account:xxx

	      password:xxx

	      localhost:xxx

	      localport:xxx

	      peer:xxx

	      end

       (replace  xxx  with  appropriate  values) . localhost, localport and peer are numeric IP addresses and ports. peer is the IP address of the
       remote client.

       These arguments are passed to the authentication program, as environment variables :

	      AUTHD_ACCOUNT

	      AUTHD_PASSWORD

	      AUTHD_LOCAL_IP

	      AUTHD_LOCAL_PORT

	      AUTHD_REMOTE_IP

	      AUTHD_ENCRYPTED

       The authentication program should take appropriate actions to fetch account info according to these arguments, and reply  to  the  standard
       output a structure like the following one :

	      auth_ok:1

	      uid:42

	      gid:21

	      dir:/home/j

	      end

       auth_ok:xxx
	      If  xxx is 0, the user was not found (the next authentication method passed to pure-ftpd will be tried) . If xxx is -1, the user was
	      found, but there was a fatal authentication error : user is root, password is wrong, account has expired, etc  (next  authentication
	      methods will not be tried) . If xxx is 1, the user was found and successfully authenticated.

       uid:xxx
	      The system uid to be assigned to that user. Must be > 0.

       gid:xxx
	      The primary system gid. Must be > 0.

       dir:xxx
	      The absolute path to the home directory. Can contain /./ for a chroot jail.

       slow_tilde_expansion:xxx (optional, default is 1)
	      When  the  command  'cd  ~user'  is  issued, it's handy to go to that user's home directory, as expected in a shell environment. But
	      fetching account info can be an expensive operation for non-system accounts. If xxx is 0, 'cd ~user' will expand to the system  user
	      home  directory.	If  xxx  is 1, 'cd ~user' won't expand. You should use 1 in most cases with external authentication, when your FTP
	      users don't match system users. You can also set xxx to 1 if you're using slow nss_* system authentication modules.

       throttling_bandwidth_ul:xxx (optional)
	      The allocated bandwidth for uploads, in bytes per second.

       throttling_bandwidth_dl:xxx (optional)
	      The allocated bandwidth for downloads, in bytes per second.

       user_quota_size:xxx (optional)
	      The maximal total size for this account, in bytes.

       user_quota_files:xxx (optional)
	      The maximal number of files for this account.

       ratio_upload:xxx (optional)

       radio_download:xxx (optional)
	      The user must match a ratio_upload:ratio_download ratio.

       Only one authentication program is forked at a time. It must return quickly.

OPTIONS

       -u <uid>
	      Have the daemon run with that uid.

       -g <gid>
	      Have the daemon run with that gid.

       -B     Fork in background (daemonization).

       -s </path/to/socket>
	      Set the full path to the local Unix socket.

       -R </path/to/program>
	      Set the full path to the authentication program.

       -h     Output help information and exit.

EXAMPLES

       To run this program the standard way type:

       pure-authd -s /var/run/ftpd.sock -r /usr/bin/my-auth-program &

       pure-ftpd -lextauth:/var/run/ftpd.sock &

       /usr/bin/my-auth-program can be as simple as :
	      #! /bin/sh

	      echo 'auth_ok:1'

	      echo 'uid:42'

	      echo 'gid:21'

	      echo 'dir:/home/j'

	      echo 'end'

AUTHORS

       Frank DENIS <j at pureftpd dot org>

SEE ALSO

       ftp(1), pure-ftpd(8) pure-ftpwho(8) pure-mrtginfo(8) pure-uploadscript(8) pure-statsdecode(8) pure-pw(8) pure-quotacheck(8) pure-authd(8)

       RFC 959, RFC 2389, RFC 2228 and RFC 2428.

Pure-FTPd team							      1.0.36							     pure-authd(8)
All times are GMT -4. The time now is 04:58 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy