Configuring RHEL servers to authenticate with Windows Server 2008Active Directory

Kenneth Holter kenneho.ndu at gmail.com
Mon Apr 19 11:46:12 UTC 2010


Hi all.


I've got my RHEL-server to autenticate against Active Directory, and things
are looking good. I have one small issue maybe someone here know how to fix:
When a users password expires the user must be able to change it. Nomally a
users would be allowed to log in based on the current password, be she would
be promted for a new password following the login. In the current setup
where my linux servers autheticate against AD, the users whose password have
expired are simply locked out from the server. Is there a way to tune linux
to allow login, but have the users change password on login?


- Kenneth


On Wed, Jan 27, 2010 at 2:39 PM, s u p e r n a u t <supernaut at gmx.com>wrote:

> I've used this in the past to good effect with RHEL5.3 and W2K3.  I'm sure
> you'll have to make adjustments with W2K8, but it may be a good starting
> point.
>
>
> http://www.interopsystems.com/downloads/Native_LDAP_native_Kerberos_and_AD_services.pdf
>
>
>
> ----- Original Message ----- From: "Kenneth Holter" <kenneho.ndu at gmail.com
> >
> To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
> Sent: Wednesday, January 27, 2010 7:58 AM
> Subject: Re: Configuring RHEL servers to authenticate with Windows Server
> 2008Active Directory
>
>
>  Thanks for your reply.
>>
>> I would like the account and group information to be maintained in AD.
>> Possibly later on we'll implement kerberos too.
>>
>>
>> - Kenneth
>>
>> On Tue, Jan 26, 2010 at 5:32 PM, Marti, Robert <RJM002 at shsu.edu> wrote:
>>
>>  If you just care about authentication and not accounts, I'd set up
>>> kerberos
>>> auth - much easier.  I have no experience setting up LDAP auth, sorry.
>>>
>>> Rob Marti
>>> ________________________________________
>>> From: redhat-list-bounces at redhat.com [redhat-list-bounces at redhat.com] On
>>> Behalf Of Kenneth Holter [kenneho.ndu at gmail.com]
>>> Sent: Tuesday, January 26, 2010 10:17
>>> To: redhat-list at redhat.com
>>> Subject: Configuring RHEL servers to authenticate with Windows Server
>>> 2008
>>>     Active Directory
>>>
>>> Hello all.
>>>
>>>
>>> I'd like to set my RHEL 4 and 5 servers up to authenticate with our
>>> Windows
>>> server 2008 Active Directory. Using "authconfig --update --enableldap
>>> --enableldapauth
>>> --ldapserver=ldap.example.com--ldapbasedn=dn=example,dn=com"
>>> and adding "binddn" and "bindpw" to the /etc/ldap.conf file, it looks
>>> like
>>> the linux box is connecting correctly to the AD server. But running
>>> "getent
>>> passwd <some-linux-user-defined-on-AD>" doesn't return any result.
>>>
>>> I'm suspecting that maybe it's my nss_ldap attribute mappings that are
>>> not
>>> correct. I have no attribute mapping defined, since I would think that
>>> there
>>> would be some default mappings that would work. Are there any default
>>> mapping, and in case what are they? Or maybe "authconfig" set up these
>>> mappings automatically? Any advice is appreciated.
>>>
>>> Best regards,
>>> Kenneth Holter
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>>  --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



More information about the redhat-list mailing list