UNIX for Advanced & Expert Users: AD Group Policy Management and Kerberos / LDAP
Post 302968716 by Devyn on Monday 14th of March 2016 12:00:49 AM
I managed to get this going including HMC to AD (fully) without any local intervention required, however what remains now is how to get HBAC in. I have HBAC on users and SUDO in AD but that works all right in Linux, though it's far from production ready. I was looking for something specific for AIX to AD from IBM. No luck, even when asking our IBM representatives, they were not even aware that you can have HMC to AD fully integrated without having to create local accounts. So I think I scraped the barrel of that pot quite well.

I mean to get to this in time but Cloud stuff has my head spinning at the moment.

Cheers,
Tom
 

dsconfigldap(1)           BSD General Commands Manual          dsconfigldap(1)

NAME
     dsconfigldap -- LDAP server configuration/binding add/remove tool.

SYNOPSIS
     dsconfigldap [-fvixsgmeSN] -a servername [-n configname] [-c computerid]
                  [-u username] [-p password] [-l username] [-q password]

     dsconfigldap [-fviSN] -r servername [-u username] [-p password]
                  [-l username] [-q password]

     options:
     -f              force authenticated binding/unbinding
     -v              verbose logging to stdout
     -i              prompt for passwords as required
     -x              choose SSL connection
     -s              enforce secure authentication only
     -g              enforce packet signing security policy
     -m              enforce man-in-middle security policy
     -e              enforce encryption security policy
     -S              do not update search policies
     -N              do not prompt about adding certificates
     -h              display usage statement
     -a servername   add config of servername
     -r servername   remove config of servername
     -n configname   name given to LDAP server config
     -c computerid   name used if binding to directory
     -u username     privileged network username
     -p password     privileged network user password
     -l username     local admin username
     -q password     local admin password

DESCRIPTION
     dsconfigldap allows addition or removal of LDAP server configurations.
     Presented below is a discussion of possible parameters. Usage has three
     intents: add server config, remove server config, or display help.

     Options list and their descriptions:

     -f   Bindings will be established or dropped in conjunction with the
          addition or removal of the LDAP server configuration.

     -v   This enables the logging to stdout of the details of the
          operations. This can be redirected to a file.

     -i   You will be prompted for a password to use in conjunction with a
          specified username.

     -s   This ensures that no clear text passwords will be sent to the LDAP
          server during authentication. This will only be enabled if the
          server supports non-cleartext methods.

     -e   This ensures that if the server is capable of supporting encryption
          methods (i.e., SSL or Kerberos) that encryption will be enforced at
          all times via policy.

     -m   This ensures that man-in-the-middle capabilities will be enforced
          via Kerberos, if the server supports the capability.

     -g   This ensures that packet signing capabilities will be enforced via
          Kerberos, if the server supports the capability.

     -x   Connection to the LDAP server will only be made over SSL.

     -S   Will skip updating the search policies.

     -N   Will assume Yes for installing certificates.

     -h   Display usage statement.

     -a servername
          This is either the fully qualified domain name or correct IP
          address of the LDAP server to be added to the DirectoryService
          LDAPv3 configuration.

     -r servername
          This is either the fully qualified domain name or correct IP
          address of the LDAP server to be removed from the DirectoryService
          LDAPv3 configuration.

     -n configname
          This is the UI configuration label that is to be given the LDAP
          server configuration.

     -c computerid
          This is the name to be used for directory binding to the LDAP
          server. If none is given the first substring, before a period, of
          the hostname (the defined environment variable "HOST") is used.

     -u username
          Username of a privileged network user to be used in authenticated
          directory binding.

     -p password
          Password for the privileged network user. This is a less secure
          method of providing a password, as it may be viewed via process
          list. For stronger security leave the option off and you will be
          prompted for a password.

     -l username
          Username of a local administrator.

     -q password
          Password for the local administrator. This is a less secure method
          of providing a password, as it may be viewed via process list. For
          stronger security leave the option off and you will be prompted for
          a password.

EXAMPLES
     dsconfigldap -a ldap.company.com

     The LDAP server config for the LDAP server myldap.company.com will be
     added. If authenticated directory binding is required by the LDAP
     server, then this call will fail. Otherwise, the following parameters
     configname, computerid, and local admin name will respectively pick up
     these defaults: ip address of the LDAP servername, substring up to first
     period of fully qualified hostname, and username of the user in the
     shell this tool was invoked.

     dsconfigldap -r ldap.company.com

     The LDAP server config for the LDAP server myldap.company.com will be
     removed but not unbound since no network user credentials were supplied.
     The local admin name will be the username of the user in the shell this
     tool was invoked.

SEE ALSO
     opendirectoryd(8), odutil(1)

Mac OS                          April 24 2010                          Mac OS
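
The man page warns that -p and -q expose passwords in the process list and describes -x, -s, -e, -g and -m as separate enforcement switches. The following is an added example, not part of the man page or of Apple's tooling: a small lint for dsconfigldap argument lists, where the function name, the finding labels and the choice to require all five enforcement flags on -a are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the man page: lint the arguments of a dsconfigldap
# call before it goes into a provisioning script. Option letters follow the
# SYNOPSIS above; which flags to require is this example's own policy.

NL='
'

# Usage: audit_dsconfigldap <arguments as they would follow "dsconfigldap">
# Prints one finding per line and returns 1 if there is any finding.
# The body is a subshell, so OPTIND and the variables stay local to the call.
audit_dsconfigldap() (
    OPTIND=1
    mode=""; seen=""; findings=""
    while getopts ":fvixsgmeSNha:r:n:c:u:p:l:q:" opt; do
        case "$opt" in
            a) mode="add" ;;
            r) mode="remove" ;;
            # -p / -q put the secret in argv, where the process list shows it.
            p|q) findings="${findings}PASSWORD_IN_ARGV -${opt}${NL}" ;;
            # -N assumes "yes" for installing certificates, with no prompt.
            N) findings="${findings}CERT_AUTO_ACCEPT -N${NL}" ;;
            x|s|g|m|e) seen="${seen}${opt}" ;;
            :) findings="${findings}MISSING_ARGUMENT -${OPTARG}${NL}" ;;
            \?) findings="${findings}UNKNOWN_OPTION -${OPTARG}${NL}" ;;
        esac
    done
    # The enforcement flags only apply when a server config is being added.
    if [ "$mode" = "add" ]; then
        for flag in x s e g m; do
            case "$seen" in
                *"$flag"*) ;;
                *) findings="${findings}NOT_ENFORCED -${flag}${NL}" ;;
            esac
        done
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
)

# Constructed invocations: host, account and password are made-up samples.
echo "weak:"
audit_dsconfigldap -a ldap.example.com -u diradmin -p 'hunter2' || true
echo "hardened:"
audit_dsconfigldap -x -s -e -g -m -i -a ldap.example.com -u diradmin \
    && echo "(no findings)"
```

The hardened form passes because -i makes the tool prompt for the password instead of reading it from the command line.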