[SLE] Pam_ldap, pam_kerberos via Active Directory

From: Jason Gerfen (jason.gerfen_at_scl.utah.edu)
Date: 04/15/04

    Date: Thu, 15 Apr 2004 11:34:18 -0600
    To: suse-linux-e@suse.com
    
    

    I have been scouring the net for documentation on setting up a SuSE 9.0
    client to use pam_krb5 for authentication and then use pam_ldap to
    obtain user profile information (similar to a roaming profile in
    Windows environments). I have been using YaST2 to configure the
    pam_krb5 and pam_ldap information specific to our environment.

    As of now I can get the user to authenticate successfully against a
    Windows Kerberos server; however, it still needs to have a local account
    set up in order to authenticate successfully.

    I receive errors when trying to use YaST2 to look in the LDAP directory:
    either "container object not found" or "invalid
    credentials". If I use ldapsearch from the command line I can
    successfully look up a specified user, which means from the command line
    I can bind and search the Active Directory database.

    Has anyone else run into this problem? When I check the logs for YaST2,
    it seems to be putting in an extra CN=Configuration before my root DN
    information. Any help is appreciated.

    -- 
    Jason Gerfen
    Student Computing Group
    jason.Gerfen@scl.utah.edu
    "whoa... you mean this isn't woodshop class?"
    			~ cereal killer (as in fruit loops)
                              Hackers 1989