Red Hat Linux with Active Directory authentication


Friends, I turn once again to your help and knowledge. Let me explain: I have a mixed Linux and Windows environment, and unfortunately we have a Microsoft AD. The problem is: when I need to log in to a Linux server, it should authenticate against the AD and let me into the system. Thanks in advance.

SOLVED

robecarlsiro's picture

Gentlemen, here is the solution. The point here is that I did not join the servers to the AD domain; what I used is the LDAP client. This solution was tested on CentOS 5.

/etc/ldap.conf

# The distinguished name of the search base.
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn usuario@dominio.com

# The credentials to bind with.
# Optional: default is no credential.
bindpw passwddelusuarioad

# The port.
# Optional: default is 389.
#port 389

# Search timelimit
#timelimit 30
timelimit 120

# Bind/connect timelimit
#bind_timelimit 30
bind_timelimit 120

# Reconnect policy: hard (default) will retry connecting to
# the software with exponential backoff, soft will fail
# immediately.
bind_policy soft
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
idle_timelimit 3600

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=dominio,dc=dominio,dc=com?sub
nss_base_shadow ou=dominio,dc=dominio,dc=com?sub
nss_base_group ou=dominio,dc=dominio,dc=com?sub
#nss_base_hosts ou=Hosts,dc=example,dc=com?one
#nss_base_services ou=Services,dc=example,dc=com?one
#nss_base_networks ou=Networks,dc=example,dc=com?one
#nss_base_protocols ou=Protocols,dc=example,dc=com?one
#nss_base_rpc ou=Rpc,dc=example,dc=com?one
#nss_base_ethers ou=Ethers,dc=example,dc=com?one
#nss_base_netmasks ou=Networks,dc=example,dc=com?one
#nss_base_bootparams ou=Ethers,dc=example,dc=com?one
#nss_base_aliases ou=Aliases,dc=example,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=example,dc=com?one

# Just assume that there are no supplemental groups for these named users
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm

# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass
# configure --enable-nds is no longer supported.
# NDS mappings
#nss_map_attribute uniqueMember member

# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=user

#pam_sasl_mech DIGEST-MD5

ssl no
#tls_cacertdir /etc/openldap/cacerts
uri ldap://IPLDAP/
#tls_cacertdir /etc/openldap/cacerts
pam_password md5
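
The configuration above sets `ssl no` with an `ldap://` URI and stores `bindpw` in the file, so both the lookup account's password and each user's login password reach the AD unencrypted. The following audit script is an added example, not part of the original post: the finding names, the hardened variant and the host name `dc1.dominio.com` are assumptions made for illustration.

```python
# Added example: audit a pam_ldap/nss_ldap ldap.conf (finding names are made up here).
def parse_ldap_conf(text):
    """Return {directive: value}, skipping blank lines and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return the list of finding names for one ldap.conf."""
    conf = parse_ldap_conf(text)
    uris = conf.get("uri", "").lower().split()
    ldaps_only = bool(uris) and all(u.startswith("ldaps://") for u in uris)
    encrypted = conf.get("ssl", "no").lower() in ("start_tls", "on") or ldaps_only
    findings = []
    if not encrypted:
        # pam_ldap binds with the user's own password: it travels in cleartext
        findings.append("cleartext-transport")
    elif conf.get("tls_checkpeer", "").lower() != "yes" or not (
            "tls_cacertfile" in conf or "tls_cacertdir" in conf):
        # TLS without certificate verification does not stop an active MITM
        findings.append("unverified-server-cert")
    if "bindpw" in conf:
        # Stored service password: keep that account read-only and unprivileged
        findings.append("bindpw-in-config")
    return findings

# Security-relevant lines of the config posted above, placeholders as posted.
AS_POSTED = """
bindpw passwddelusuarioad
ssl no
#tls_cacertdir /etc/openldap/cacerts
uri ldap://IPLDAP/
"""
# Constructed variant; dc1.dominio.com is a hypothetical name matching the DC certificate.
HARDENED = """
bindpw passwddelusuarioad
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
uri ldap://dc1.dominio.com/
"""

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(name, audit(text))
```

The hardened variant only works if the domain controller presents a certificate whose issuing CA is present under `tls_cacertdir`.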

Enable debug in Samba,

deathUser's picture

Enable debug in Samba; it is usually a problem with how it talks to the damned AD from Moco$oft. You must take care to communicate with the AD exactly as it asks, with the same names, CaSe, etc ...

bye
;)