Hello all,
I really hope this is the correct newsgroup to post this question
against - I've had a hard time tracking down a good place to post it
and I've tried a few of the MS newsgroups with no response, but I
could really use some help - if I'm in the wrong place please direct
me to a more appropriate venue.
I'm trying to solve a particular issue at our site where we need to
authenticate users logging into UNIX boxes against our site's AD and
Kerberos servers. After reading the documentation at
http://www.microsoft.com/downloads/d...displaylang=en,
I've been able to successfully authenticate against a single domain.
However I would like to expand the authentication scenario so that on
a few of our UNIX boxes any user in any domain under the same AD
forest could log into the box. I figure that instead of doing a
domain LDAP query (port 389), I need to make a query against the
Global Catalog (port 3268), but I can't figure out the configuration I
need. I have tried changing my /etc/ldap.conf configuration to query
on port 3268 and use a common search
root, but it doesn't work. I've tried the following configurations
(although not all at once) in my /etc/ldap.conf file:
# "gc" works with some Windows tools, but I don't know if OpenLDAP supports it
uri gc://<fully qualified host name>
# port 3268 being the port the global catalog server listens on
uri ldap://<fully qualified host name>:3268
# this works, but I can only query a single domain at a time
uri ldap://<fully qualified host name>
I've verified that Kerberos authentication works by using kinit. I've
also used ldapsearch to successfully make an ldap query against the
Global Catalog. Unfortunately I'm at a loss to figure out how to get
the system to query the GC for account information.
Does anybody know of any documentation out there that could aid me and
has anybody else successfully gotten this type of configuration to
work? Any and all help would be appreciated (and again, really sorry
if this isn't the right newsgroup).
dln
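As an added example (not part of the post above), a small check that parses a padl-style /etc/ldap.conf and reports which of the three uri attempts would actually reach a Global Catalog endpoint: the scheme must be one OpenLDAP resolves (ldap or ldaps, not gc), and the port must be 3268 (cleartext GC) or 3269 (GC over TLS). The host name and forest root DN are constructed placeholders.

```python
"""Classify /etc/ldap.conf 'uri' settings by whether they reach an AD Global Catalog.
Added example, not from the original post; host and forest root are constructed."""
from urllib.parse import urlsplit

GC_PORTS = {"ldap": 3268, "ldaps": 3269}      # GC cleartext / GC over TLS
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}   # single-domain LDAP defaults

# Constructed sample: the three attempts from the post plus a forest-root base.
SAMPLE_CONF = """\
# "gc" is not a scheme OpenLDAP's client library understands
uri gc://gc1.example.com
# port 3268 is the global catalog listener
uri ldap://gc1.example.com:3268
# default port 389 reaches one domain partition only
uri ldap://gc1.example.com
base dc=example,dc=com
scope sub
"""

def parse_ldap_conf(text):
    """Return {key: [values]} for a padl-style ldap.conf; blank and '#' lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        conf.setdefault(key, []).append(value)
    return conf

def classify_uri(uri):
    """Return (reaches_gc, reason) for one uri value."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in GC_PORTS:
        return False, f"scheme '{scheme}' is not ldap/ldaps, so the client cannot use it"
    port = parts.port or DEFAULT_PORTS[scheme]
    if port == GC_PORTS[scheme]:
        transport = "TLS" if scheme == "ldaps" else "cleartext"
        return True, f"global catalog on port {port} ({transport})"
    return False, f"port {port} serves a single domain partition, not the GC"

def check_gc_config(text, forest_root):
    """Report each uri's verdict and whether 'base' is the forest root (GC searches start there)."""
    conf = parse_ldap_conf(text)
    base = conf.get("base", [""])[-1]
    return {"base_is_forest_root": base.lower() == forest_root.lower(),
            "uris": [(u, *classify_uri(u)) for u in conf.get("uri", [])]}
```

A uri that reaches the GC is necessary but not sufficient: the GC serves only attributes in its partial attribute set, so the POSIX attributes nss_ldap reads must be replicated to it, and account lookups on 3268 travel in cleartext unless ldaps on 3269 (or TLS) is used.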