Software :: Validate LDAP Authentication Against AD Global Catalog Servers?
Jan 10, 2011
We're trying to validate LDAP authentication from Linux against our AD global catalog servers. I'm seeing lots of LDAP query tools, but what I need is a free/open source application that can use LDAP to query AD to authenticate... something as simple as entering the hostname/IP of our AD/global catalog server and the port, then passing an AD username/password to it to validate logon capability. Anyone know of any software/apps that can do this? I don't want to get into configuring Samba for LDAP or trying to authenticate my actual Linux server against AD... I just want an application that uses LDAP for authentication.
Jun 18, 2010
I've just installed Ubuntu Server for the first time with the goal of setting it up as a proxy server for our Apple computers here, since I can get neither ISA nor OS X Server's firewall to play properly. So far I have the machine authenticating against our OS X OpenLDAP server and multiple NICs set up ready to be connected to the outside world. My question is: does anyone have a preference on what proxy I should be using? So far my search efforts seem to have turned up Squid Proxy as a favorite among Ubuntu users, but I can't seem to work out how to get it authenticating against my OpenLDAP server.
Mar 16, 2011
I am taking another stab at this. The last time I attempted it, it seemed like everyone had a different way to do it, but nobody could give me an answer on how to do it...
I currently have a Domain Controller running sme server and a domain controller, using ldap as a backend. I have two file servers running ubuntu 10.04. My overall goal is to have it so when I create a username on the domain controller, it is then automatically copied over to the fileservers. This way everyone will have their own username and password to access the fileservers and I'll be able to track what people do on the fileservers.
The next necessity is for me to be able to apply permissions to the folders on the fileserver based on the users that are created on the domain controller.
Aug 26, 2011
LDAP Authentication for Web Access I am trying to build an LDAP server to allow access to the wireless network in conjunction with Meraki wireless access points. I am using Ubuntu 10.10 and trying to install OpenLDAP from their documentation but I keep running into the error "configure: error: MozNSS not found - please specify the location to the NSPR and NSS header files in CPPFLAGS and the location to the NSPR and NSS libraries in LDFLAGS (if not in the system location)". I have OpenSSL installed but I also got these when I ran ./configure
checking openssl/ssl.h usability... no
checking openssl/ssl.h presence... no
checking for openssl/ssl.h... no
checking gnutls/gnutls.h usability... no
[code]....
Apr 14, 2010
I would like to know whether ldap can be used to authenticate wireless clients with my server. Server and clients are connected to a wireless router and I am able to get the wireless adapter to work in my ubuntu. Is there anything extra which is required, or will the openldap server work for wireless clients?
Jul 18, 2010
I have tomcat installed with port forwarding to http port 80. I configured ldap authentication for apache2 (/var/www). But I could not configure tomcat for ldap authentication.
Aug 9, 2010
so I got bugzilla up and running (finally) on an ubuntu server...
but in order to use the ldap integration, you need:
Mozilla::LDAP (aka PerLDAP) Perl module
Mozilla/Netscape LDAP SDK
neither of which exist in the repositories, or anywhere on the internet. the best I could find was a request to build a package from over a year ago...
I did find source that I can build... the Perl module builds and starts to begin the setup process -- but I get stuck at the point where it requires the SDK... which I cannot find anywhere in a plain downloadable form. the one I found seems incomplete:
[URL]
Oct 24, 2010
Making a Samba Server with LDAP authentication. Will post as I go along. Found these sources, anything/hiccups I should know before jumping in? Figure would follow the official documentation then check the others for comparative errors.
https://help.ubuntu.com/10.04/server...ap-server.html
https://help.ubuntu.com/10.04/server...amba-ldap.html
http://tuxnetworks.blogspot.com/2010...cid-short.html
Also, do other computers that want access to the server also need samba installed (or just the client)?
The server is 10.04 and my proposed client is 10.10, does this create problems?
Do I need to use ACL? I see them only in certain places.
Using xfce after Ubuntu install, not sure if this matters.
Sep 2, 2011
I have an openldap server running on one machine (fedora10) and pam_ldap.so and nss_ldap.so running on the other machine.
I have added a new user to the LDAP server database; this user is not created on the client machine.
1. Can I log in to the client machine using this new user?
2. Now if I try logging in with this new user I am getting error messages; the error messages are as follows at the client side
Sep 2 10:34:36 localhost sshd[8484]: Invalid user kim from 10.254.194.148
Sep 2 10:34:36 localhost sshd[8485]: input_userauth_request: invalid user kim
Sep 2 10:35:16 localhost sshd[8484]: pam_ldap: error trying to bind as user "cn=min soo,ou=people,dc=samsung,dc=com" (Invalid credentials)
[Code]....
Feb 9, 2010
My scenario is similar to this person's scenario: http:[url]...... Here at the clinics, we already have established leaf/shorewall firewalls. Our domain controllers are win2k3 boxes. I've installed ubuntu 9.10 on a sound desktop/server and installed two nics inside that box. How do I make Dansguardian talk to our domain controllers, and give users access to the internet via established groups? What would be the best way to do this?
Feb 10, 2010
I maintain a samba PDC for a small business; our current setup does not work very well. On a hardware upgrade I directly imported the old ldap database, and attempting to add machines to the domain causes all sorts of trouble.
I'm 95% sure the original database (which predates my employment) was created using the idealx smb-ldap tools. Unfortunately, on our current platform (debian lenny) these tools seem to be broken; the only things they seem to do reliably are set passwords and add posix users. Asking them to do anything involving samba/windows causes errors. The idealx tools seem to be abandoned, and I don't know enough perl to try and fix them.
Since the idealx scripts seem to be abandoned, and most of the good samba+ldap how-tos reference the idealx tools, I was wondering what people use nowadays to manage their ldap directories; surely they aren't importing .ldif files to add new users/machines like I've been doing. Are people just writing their own management scripts/web-apps? Or are the smb-ldap tools just broke on debian? How to generate the NT/LM password hashes and proper SIDs, does anybody have anything they could point me to about this?
Apr 5, 2010
I have successful secure ldap replication but I could not make the ldap client direct its authentication to the slave ldap.
Here is my config file on the ldap client (I am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
Apr 13, 2011
I'm trying to create a group called Domain Users, that will include several other groups that are populated with users inside of the LDAP database. In the LDAP database, for a group entry, there are memberUid entries that can be filled. When I try to use another "Group" name, it just lists that name and not the people in that group. So if group "A" has Jim, John, Sue, and I include group "A" in the memberUid of the Domain Users group, I want that to reference the people in that group, not the group name. Testing access rights, having the group name listed in the "Domain Users" group does not grant user access under the group rights on a directory. Should be simple, but I don't know the syntax to use for this reference.
May 19, 2011
I am trying to install a Red Hat cluster on my servers. In order to configure a heartbeat between the servers I must give a valid multicast address. I wanted to know if there is a way to validate a multicast address before using it. For example, if it is already in use I don't want to use it.
I read a little about it and there is a Perl module called IO::Socket::Multicast: [URL] There is a tool called mcasttrest.pl: [URL] Oracle use it to test multicast. But I am not sure what will do the trick in Red Hat cluster.
Jan 24, 2011
I have created a CA on my server, then created a server certificate under that, then exported it as a common server certificate. I have then gone to my LDAP server and enabled TLS and told it to use the common server certificate. Now on my client I have enabled LDAP TLS/SSL and it's asking me to download a certificate... from where? Do I export the certificate to a file and put it on a web server? If so, what format, as the export offers loads.
Jun 23, 2010
I am trying to allow my freshly installed ubuntu 10.04 to authenticate with ldap. I did follow the doc https://help.ubuntu.com/community/LD...Authentication and some other hints with no success. My need is just to use an existing ldap server (active directory in my site, but I wish to use it via ldap, not via samba/winbind) to validate users on services using pam modules. After the package installation the command getent passwd retrieves just local users, and I don't understand if my ubuntu client is not querying the server or the server replies with some message.
Sep 16, 2010
One I can't figure out is a problem of authentication. I'm using an open ldap server and try to authenticate a groupware (simple groupware) against it. As it fails, I tested with an ldap client to understand things better. Using the GQ ldap client, I'm able to browse my ldap tree successfully and to search some args from the base DN I specified. But when entering the exact uid as a search string I got no answer, whereas searching the cn returns the correct entry (and displays its related entry including the uid I can't find...). Here is the only thing I can trace in logs (syslog) when trying to search firstname.lastname (= uid)
[Code]....
Jun 29, 2010
I'm trying to get LDAP working with 389 Directory Server on Fedora 13. I have the server all ready to go, and I can query it with the 389 console. But when I tried to move on to the next step, user authentication through LDAP, it just won't work. I followed the PAM Howto, but the given authconfig command doesn't work. If I manually add a user with the 389 console, I can't log in with it. Since I had X11 forwarding working over SSH, I tried authconfig-gtk. I set up an SSL LDAP connection for this to work, but it still didn't work. I did have this working on my (now crashed) Fedora 12 VM.
Dec 9, 2010
I installed Nconf software on a Debian server. I am trying to configure Nconf Authentication with LDAP. I edited nconf's authentication.php file accordingly and I installed the php5-ldap package. When I enter user-name and password in Nconf's login screen.
Feb 9, 2011
I want to ask how many applications can we use with LDAP authentication
Dec 28, 2009
I've added a new machine (desktop used by many users) to a network that uses LDAP (pam_ldap) for authentication. Can anyone post relevant configs to limit users by a groupOfNames? I've googled extensively and have found some partial comments, but no complete config examples or howto's.
The issue is as follows:
All users have one primary GID in their posixAccount entries, which is used to control access to the existing machines. So it's not really possible to change this. Now, I need to limit access to this new machine to a specific subset of users, all members of a specific groupOfNames. I can't seem to get pam_ldap to use a groupOfNames instead of a posixGroup.
Jan 20, 2010
We have an LDAP server (OpenDirectory on Snow Leopard Server--OpenLDAP essentially) and I am trying to configure our slackware hosts to use that LDAP server as the authentication mechanism instead of NIS/YP as they currently do. How do I change it, and is it just as simple as changing /etc/nsswitch.conf?
May 7, 2011
At this moment I configure a test environment with 1 Microsoft active directory server and 1 Opensuse 11 samba filesharing server. But I have an issue. The samba server is added to the domain and the servers can communicate with each other. I can log in to the domain on the samba server, and the LDAP settings tab on the yast2 samba configuration tool tells me that samba and the MS LDAP server can communicate with each other. I can see the shares on the samba server but I can't authenticate myself. When I want to log on then I always see "domain: domainname.local" and "access denied". My question is now how can I give the MS administrator account rights to view the shares and configure the rights for the other users. Samba config file
PHP Code:
[global]
workgroup = WIN-FVJBNQIJE9O@WOENSDRECHT.LOCAL
[code]....
Mar 4, 2010
I have installed openldap version 2.4.21 and configured with the help of the site [URL] and the LDAP address book is working fine. But I need to create an LDAP directory such that it will contain the user name and passwords for the users and when user is logging to any application he is authenticated from LDAP directory
e.g Users who need to browse the internet need to authenticate with username and password for access from the firewall (Juniper Netscreen) and similarly other applications like oracle ERP such that they will have only 1 username and password stored in LDAP directory and all other applications will search for the user name and password for authentication.
Jun 3, 2011
I configured LDAP Server on ubuntu Server 10.04 (using url ldap) and the Client also; it's working fine. After that I changed to ssl encryption and created a certificate on the server side. Now it's not authenticating from the server; it shows Incorrect Password, but I can log in through the terminal if I am the root user; then it does not ask for any password, it logs on to the ldap user. After I changed the ldap server to ssl encryption I made one change on the client side: uri ldaps://ip-address/ (/etc/ldap.conf).
May 15, 2011
I have more than 150 Linux desktop computer in my office IT setup.
I want to configure LDAP centralize network authentication for all the desktop computer.
My requirement is below mentioned.
The LDAP server will only authenticate the desktop computer at the log-in time when the user start computer.
The home directory of all the users should be created on their local desktop computer, not on the LDAP server.
And flexibility of user log-in for every desktop (any user can log in to any computer with his/her username and password), and the home directory will be created automatically on the local desktop computer the moment any user logs in to any computer in the network, and the LDAP server will authenticate the desktop-network log-in to the computer.
Nov 12, 2010
I have Centos ( and Postfix+ldap+dovecot ) TLS works with Postfix and LDAP. When I open evolution mail client I can browse ldap tree and search for users, send-receive mails ...all fine
Jul 25, 2010
Install and configure Samba as a primary domain controller with LDAP on Linux. I set it up step by step following the article without error until step 10. I want to join a windows client; when I enter user name and password for the domain it then displays the message: The following error occurred attempting to join the domain BIGTIME:
The network path was not found.
Feb 16, 2011
I'm having a pretty weird problem, and really have no idea where to begin in tracing and fixing it. But here goes. I'm running Ubuntu 10.10 on 2 machines, and have installed OpenLDAP as per the guide https://help.ubuntu.com/10.10/server...ap-server.html it all seemed to be going well having it installed and running on Server A, including authentication. So a few days later I decided to set up server B to be a slave replica. Which after a little bit of fiddling seems to be working and keeping the records in sync.
Then I did an apt-get upgrade on server A. Then my problem started. Basically getent passwd only returns one entry from the LDAP, and so does getent group. But a search of LDAP returns everything that's there. I've been comparing the config files between Server A and Server A for PAM etc, and everything is the same. But if I change ldap.conf on server A to point the uri ldap://server B/ and rerun getent passwd, it returns all the users and getent group returns all the groups. I've compared the LDAP entries between Server A and Server B and they're staying in sync. It looks like it's more to do with ldap than the auth config if just changing the server fixes it, but as server A is the master LDAP server I'm really at a loss.
If getent was only returning local users it'd be something, but it's returning local + 1 LDAP user or 1 group. Which just seems weird. Any help would be greatly appreciated. I'm sure posting some logs would be helpful, but I have no idea which, so if someone can let me know what extra info would be more helpful I'll post it back asap.