07-23-2015
AD Group Policy Management and Kerberos / LDAP
Has anyone attempted to define GPO / HBAC policies in Windows Server 2012 that could be respected by Kerberos/LDAP on AIX?
I'm looking to associate servers to groups so that when a user part of a group tries to login to a host not associated with that group, it would be denied. This would allow me to define finer group scope controls that we need / are looking for.
Has anyone done this? I'll try to post the same thread on a windows forum as well.
Thanks!
Dev
7 More Discussions You Might Find Interesting
1. HP-UX
I am getting the following error message when trying to login to the client:
while verifying tgt
If I move the /etc/krb5.keytab out of /etc, it works fine. This is HP-UX v23
Does anyone have any ideas? (1 Reply)
Discussion started by: dhernand
1 Replies
2. AIX
Good day
I am trying to configure Kerberos and LDAP authentication on AIX 5.3 with Windows 2003 R2 but something is not quite right.
When I ran kinit username I get a ticket and I can display it using klist.
When the user login I can see the ticket request on Windows 2003, but the user... (1 Reply)
Discussion started by: mariusb
1 Replies
3. UNIX for Advanced & Expert Users
Hello, I asked this question in the AIX subforum but never received an answer, probably because the AIX forum is not that heavily trafficked. Anyway, here it is..
I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs... (9 Replies)
Discussion started by: raidzero
9 Replies
4. Solaris
hi,
how to assign group policy to user in solaris (1 Reply)
Discussion started by: meet2muneer
1 Replies
5. Windows & DOS: Issues & Discussions
hi,
did anyone know how to configure a priority of dns ports (and other ports) on QOS on windows 2003? hard to understand the group policy "explain" tab on 'qos packet scheduler', no elaboration on how to use it.
thanks for any comment you may add.
---------- Post updated at 05:03 PM... (0 Replies)
Discussion started by: itik
0 Replies
6. Solaris
Hi, FYI, I'm new in Solaris
I'm trying to use Kerberos on authenticating LDAP Client with the Active Directory on Windows Server 2003 on both Solaris 10 5/08 and Solaris 10 9/10 by referring to the pdf file kerberos_s10.pdf available at sun official site.
... (0 Replies)
Discussion started by: chongzh
0 Replies
7. AIX
The KRB5ALDAP compound load module is giving me fits. Everything looks like it should be working, but no.
Goal: Integrate AIX host with Active Directory using a KRB5ALDAP compound load module so that users can be created in AD and used in AIX, with unix attributes (registry values) being... (2 Replies)
Discussion started by: jgeiger
2 Replies
grpck(1B) SunOS/BSD Compatibility Package Commands grpck(1B)
NAME
grpck - check group database entries
SYNOPSIS
/etc/grpck [filename]
DESCRIPTION
The grpck utility checks that a file in group(4) does not contain any errors; it checks the /etc/group file by default.
FILES
/etc/group
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
groups(1), group(4), passwd(4), attributes(5)
DIAGNOSTICS
Too many/few fields
An entry in the group file does not have the proper number of fields.
No group name
The group name field of an entry is empty.
Bad character(s) in group name
The group name in an entry contains characters other than lower-case letters and digits.
Invalid GID
The group ID field in an entry is not numeric or is greater than 65535.
Null login name
A login name in the list of login names in an entry is null.
Logname not found in password file
A login name in the list of login names in an entry is not in the password file.
Line too long
A line (including the newline character) in the group file exceeds the maximum length of 512 characters.
Duplicate logname entry
A login name appears more than once in the list of login names for a group file entry.
Out of memory
The program cannot allocate memory in order to continue.
Maximum groups exceeded for logname
A login name's group membership exceeds the maximum, NGROUPS_MAX.
SunOS 5.10 10 Jan 2000 grpck(1B)