by InfoTe » Fri, 21 Jun 2002 02:52:55
by p.. » Fri, 21 Jun 2002 03:13:28
--
Peter H?kanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
by Nicholas Bachman » Fri, 21 Jun 2002 06:49:45
(1) Is that just a retarded name or what? Doesn't MS put things like
this through focus groups to weed out dumb, potentially misconstrued, names?
--
+ http://www.not-real.org/~nick +
+ How valuable is my contribution? Share your feedback at Affero: +
+ http://svcs.affero.net/rm.php?r=nick +
by Liam Cunningha » Fri, 21 Jun 2002 23:30:10
1. LDAP and MS Active Directory
Hi. I'm trying to get Linux working with a Windows 2000 Server; in
particular, I'm trying to get it working with Active Directory.
I _basically_ have it working right now. I've set up Heimdal Kerberos
5 so that I can use kinit to get a TGT from the Win2K KDC. I've set
up the OpenLDAP tools so they know to look at the 2K machine. I can
do, e.g., `ldapsearch -x' and get (correct) information.
The problem I'm having now is that I can't authenticate to AD, and as
a result it won't feed me complete information. I can change the ACLs
on the 2K box so that "everyone" has access and then everything works
as I want. But that obviously isn't a satisfactory long-term
solution.
So basically what I need is a step-by-step, cookbook-style explanation
of how the hell to get Kerberos working with the OpenLDAP tools.
There is a Kerberos option listed in the man page, but that's only
Kerberos v4 (Win2K requires v5). There is a whole bunch of
gobbledygook about SASL which makes no sense to me, but whenever I try
to use it, it says:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error
The appropriate plugins for SASL are installed (i.e., the Heimdal
Kerberos one). But I can't get the sample-server and -client programs
to work, either:
Choosing best mechanism from: GSSAPI
sample-client: Starting SASL negotiation: generic failure
Note that these are quite possibly the two worst error messages I have
ever seen.
I'm beginning to suspect that part of my problem here is that I have
no idea what SASL actually is.
I just want to use Kerberos to authenticate to an LDAP server.
Kerberos works on its own; LDAP works on its own; but they don't work
together. Is there anything else I can try? FWIW, I'm running
Debian; it's possible that I need some support that's not compiled
in. (But I have no idea what support I would need, so please tell
me.)
--
"I woke up this morning and realized what the game needed: pirates,
pimps, and gay furries." - Rich "Lowtax" Kyanka
2. IP Spoofing from inside own network.
3. nss_ldap / ms active directory password authentication
5. How apache on unix authenticate user using Active Directory?
7. How to automate ftp from Windows NT directory to UNIX directory
8. What does #!/bin/sh do in a 2.X script?
9. FreeBSD Unix, Kerberos 5, and Windows 2000 Active Directory
10. UNIX directory tree to an MSDOS directory
11. User Authentication on a UNIX- or NT-based Web Server via Novell NDS
12. Problems with Heimdal, OpenLDAP, Cyrus SASL, GSSAPI, and Active Directory
13. cd to a directory with a whitespace in the directory name