Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Integrate RHEL with Active Directory
Special Forums Windows & DOS: Issues & Discussions Integrate RHEL with Active Directory Post 302884379 by stuffer1984 on Monday 20th of January 2014 07:50:30 AM
Old 01-20-2014
Hi Gull,

I do have some questions regarding your conf file please could you let me know if I am correct with the following:
Code:
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = XXXXXXXXXXXXX (This would be my domain?)

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3
#ldap_schema = rfc2307bis (is this your schema ID or is this a generic Schema ID which I can use)
ldap_schema = rfc2307
ldap_user_search_base = cn=Users,dc=xxx,dc=xxxxx,dc=com (This would be my domain?)

ldap_group_search_base = cn=Users,dc=xxx,dc=xxxxx,dc=com (This would be my domain?)

ldap_default_bind_dn = cn=admintest,cn=Users,dc=xxx,dc=xxxxx,dc=com (This would be my domain?)

ldap_default_authtok_type = password (does this notify us that we are authentication via a password?)
ldap_default_authtok = XXXXXXXX (is this a password or user or domain?)
ldap_force_upper_case_realm = True

[domain/EKB.ATMEL.COM] (does this need to be my domain?)
description = LDAP auth to AD2003 (the AD Schema is 
min_id = 100
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://kdc1.xxx.xxxxx.com
ldap_schema = rfc2307bis
ldap_search_base = cn=Users,dc=xxx,dc=xxxxx,dc=com
ldap_default_bind_dn = cn=admintest,cn=Users,dc=xxx,dc=xxxxx,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = XXXXXXXX (once again same q as before?)
ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_home_directory = unixHomeDirectory
ldap_user_gecos = displayName
enumerate = true
chpass_provider = krb5
auth_provider = krb5
krb5_kdcip = 10.143.253.183 (would this be my DC?)
krb5_realm = XXX.XXXXX.COM
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15

#cache_credentials = True
#ldap_id_use_start_tls = False
debug_level = 9
krb5_kpasswd = kdc1.xxx.xxxxx.com:749
#ldap_search_base = cn=Users,dc=xxx,dc=xxxxx,dc=com
#krb5_realm = XXX.XXXXX.COM
#chpass_provider = krb5
#krb5_kdcip = kdc1.xxx.xxxxx.com:88
#ldap_tls_cacertdir = /etc/openldap/cacerts

---------- Post updated at 12:50 PM ---------- Previous update was at 11:49 AM ----------

ok I have edited the conf file for SSSD and I am now about to setup the NSS but for some reason when I use authconfig --enablesssd --update all I get is errors, is this something to do with the conf file for SSSD not being setup correctly?
Last edited by Franklin52; 01-20-2014 at 11:05 AM.. Reason: Please use code tags
 

7 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

unix and active directory

Hi Does anybody know the steps and requirements of the installation process of Windows Active Directory using Unix/Linux Bind DNS. I will appreciate if somebody gives the answer. (1 Reply)
Discussion started by: Darwin Rodrigue
1 Replies

2. UNIX for Dummies Questions & Answers

Active Directory and UNIX

Hello - I have a very vague question, which will probably result in vague answers because I don't have a lot of detailed information and I don't know a whole lot about active directory. Our Windows/NT admin has been rolling out Active Directory over the past several weeks and as time goes on,... (1 Reply)
Discussion started by: rm -r *
1 Replies

3. UNIX for Dummies Questions & Answers

setup active directory

i would like to ask about unix with active directory..actually my situation is at ny place there already have dns server in unix based,i want to implement an active directory to the network..from what i read about active directory we have to used bind dns...some say that bind could not handle in... (1 Reply)
Discussion started by: nour
1 Replies

4. HP-UX

HP-UX authenticating to Active Directory

Hey, I've asked questions about this project here before and gotten lots of help so I figured I'd give it another try. I've recently set up my HP-UX environment to authenticate to a Windows Active Directory server (Windows Server 2003 R2). I setup an account on Active Directory which works... (2 Replies)
Discussion started by: Rike255
2 Replies

5. Red Hat

ldap and active directory

Hi Friends, I need your help to get some solution of one of my problem. Ours is a mixed domain. Most of the servers are windows and very little linux servers. We are using the MS AD for authentication. My problem is, I want to authenticate linux servers against AD. I donot want to use any... (1 Reply)
Discussion started by: arumon
1 Replies

6. UNIX for Advanced & Expert Users

Active Directory with 6.1

Is there anyone who is utilizing Active Directory (2008R2) for AIX user account management? If yes or if AD is possible with AIX systems, can you please share what to be done to get there? Please advise. (1 Reply)
Discussion started by: Daniel Gate
1 Replies

7. UNIX for Beginners Questions & Answers

Active Directory OR LDAP

Hi, How can we check users added through LDAP or AD. Users added through a group of AD or LDAP group. (2 Replies)
Discussion started by: Nishit
2 Replies

LEARN ABOUT CENTOS

authconfig

AUTHCONFIG(8)						      System Manager's Manual						     AUTHCONFIG(8)

NAME

       authconfig, authconfig-tui - an interface for configuring system authentication resources

SYNOPSIS

       authconfig
	      [options] {--update|--updateall|--test|--probe|--restorebackup <name>|--savebackup <name>|--restorelastbackup}

DESCRIPTION

       authconfig  provides a simple method of configuring /etc/sysconfig/network to handle NIS, as well as /etc/passwd and /etc/shadow, the files
       used for shadow password support.  Basic LDAP, Kerberos 5, and Winbind client configuration is also provided.

       If --test action is specified, the authconfig just reads the current settings from the various configuration files and prints their values.
       If  --update action is specified, authconfig must be run by root (or through console helper), and configuration changes are saved. Only the
       files affected by the configuration changes are overwritten.  If --updateall action is specified,  authconfig  must  be	run  by  root  (or
       through	console  helper),  and all configuration files are written.  The --probe action instructs authconfig to use DNS and other means to
       guess at configuration information for the current host, print its guesses if it finds them, to standard output, and exit.

       The --restorebackup, --savebackup, and --restorelastbackup actions provide a possibility to save and later restore a backup  of	configura-
       tion  files  which authconfig modifies. Authconfig also saves an automatic backup of configuration files before every configuration change.
       This special backup can be restored by the --restorelastbackup action.

       If --nostart is specified (which is what the install program does), ypbind or other daemons will not be started or stopped immediately fol-
       lowing program execution, but only enabled to start or stop at boot time.

       The  --enablenis,  --enableldap,  --enablewinbind,  and --enablehesiod options are used to configure user information services in /etc/nss-
       witch.conf, the --enablecache option is used to configure naming services caching, and the --enableshadow, --enableldapauth,  --enablekrb5,
       and  --enablewinbindauth  options  are used to configure authentication functions via /etc/pam.d/system-auth.  Each --enable has a matching
       --disable option that disables the service if it is already enabled. The respective services have parameters which configure  their  server
       names etc.

       The algorithm used for storing new password hashes can be specified by the --passalgo option which takes one of the following possible val-
       ues as a parameter: descrypt, bigcrypt, md5, sha256, and sha512.

       The --enablelocauthorize option allows to bypass checking network authentication services  for  authorization  and  the	--enablesysnetauth
       allows authentication of system accounts (with uid < 500) by these services.

       When the configuration settings allow use of SSSD for user information services and authentication, SSSD will be automatically used instead
       of the legacy services and the SSSD configuration will be set up so there is a default domain populated with the settings required to  con-
       nect  the  services.  The --enablesssd and --enablesssdauth options force adding SSSD to /etc/nsswitch.conf and /etc/pam.d/system-auth, but
       they do not set up the domain in the SSSD configuration files. The SSSD configuration has to be set up manually. The allowed  configuration
       of  services  for  SSSD	are:  LDAP  for user information (--enableldap) and either LDAP (--enableldapauth), or Kerberos (--enablekrb5) for
       authentication.

       In case SSSD does not support some feature of the legacy services that are required for the site configuration, the use of the legacy  ser-
       vices can be forced by setting FORCELEGACY=yes in /etc/sysconfig/authconfig.

       The  list  of  options  mentioned here in the manual page is not exhaustive, please refer to authconfig --help for the complete list of the
       options.

       The authconfig-tui supports all options of authconfig but it implies --update as the default action. Its window contains a Cancel button by
       default. If --back option is specified at run time, a Back button is presented instead. If --kickstart is specified, no interactive screens
       will be seen. The values the program will use will be those specified by the other options (--passalgo, --enableshadow, etc.).

       For namelist you may substitute either a single name or a comma-separated list of names.

NOTES

       The authconfig-tui is deprecated. No new configuration settings will be supported by its text user interface. Use system-config-authentica-
       tion GUI application or the command line options instead.

       The /usr/bin/authconfig uses the consolehelper to authenticate as the system user before it starts up. If you want to run it directly with-
       out the authentication as the system user, run the /usr/sbin/authconfig command.

RETURN CODES

       authconfig returns 0 on success, 1 on backup operation errors, 2 if not running with sufficient privileges,  3  if  unknown  password  hash
       algorithm  is  specified or incorrect values are set for password strength checking (this error is non fatal), 4 if download of CA certifi-
       cate fails, 5 if writing configuration files fails on --updateall action, 6 if writing fails on --update action, 7 if Winbind or IPA domain
       join fails.

       authconfig-tui  returns	0  on success, 2 on error, and 1 if the user cancelled the program (by using either the Cancel or Back button). It
       can also return the same codes as authconfig.

FILES

       /etc/sysconfig/authconfig
	      Used to track whether or not particular authentication mechanisms  are  enabled.	 Currently  includes  variables  named	USESHADOW,
	      USEMD5, USEKERBEROS, USELDAPAUTH, USESMBAUTH, USEWINBIND, USEWINBINDAUTH, USEHESIOD, USENIS, USELDAP, and others.
       /etc/passwd
       /etc/shadow
	      Used for shadow password support.
       /etc/yp.conf
	      Configuration file for NIS support.
       /etc/sysconfig/network
	      Another configuration file for NIS support.
       /etc/ldap.conf
       /etc/nss_ldap.conf
       /etc/pam_ldap.conf
       /etc/nslcd.conf
       /etc/openldap/ldap.conf
	      Used to configure nss_ldap, pam_ldap, nslcd, and the OpenLDAP library. Only the files already existing on the system are modified.
       /etc/krb5.conf
	      Used to configure Kerberos 5.
       /etc/hesiod.conf
	      Used to configure Hesiod.
       /etc/samba/smb.conf
	      Used to configure winbind authentication.
       /etc/nsswitch.conf
	      Used to configure user information services.
       /etc/login.defs
	      Used to configure parameters of user accounts (minimum UID of a regular user, password hashing algorithm).
       /etc/pam.d/system-auth
	      Common PAM configuration for system services which include it using the include directive. It is created as symlink and not relinked
	      if it points to another file.
       /etc/pam.d/system-auth-ac
	      Contains the actual PAM configuration for system services and is the default target of  the  /etc/pam.d/system-auth  symlink.  If  a
	      local configuration of PAM is created (and symlinked from system-auth file) this file can be included there.

SEE ALSO

       authconfig-gtk(8), system-auth-ac(5), passwd(5), shadow(5), pwconv(1), domainname(1), ypbind(8), nsswitch.conf(5), smb.conf(5), sssd(8)

AUTHORS

       Nalin Dahyabhai <nalin@redhat.com>, Preston Brown <pbrown@redhat.com>,
       Matt Wilson <msw@redhat.com>, Tomas Mraz <tmraz@redhat.com>

Red Hat, Inc.							   22 July 2011 						     AUTHCONFIG(8)
All times are GMT -4. The time now is 06:51 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy