Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: jneves on May 03, 2010, 08:21:35 am
-
Is it possible to authenticate an Ubuntu desktop against eBox in AD slave mode?
Has anyone done it? Any reason for it not to work?
Can I do it through LDAP? Or do I have to go through winbind?
Thanks in advance,
João Miguel Neves
-
I think it should work through LDAP without problems. An AD slave behaves more like an eBox master than like a slave.
-
Thanks.
I haven't tried to debug the authentication after importing it (on the 1st attempt I had the wrong dc in /etc/ldap.conf).
At the moment I'm fighting with the LDAP's homeDirectory attribute being defined as /nonexistent. Any clues on how to work around that?
loginShell was also undefined, but nss_default_attribute_value worked well for that case.
Thanks in advance,
João Miguel Neves
-
Have a look at: http://trac.ebox-platform.com/wiki/Document/Documentation/EBoxDesktop#ChangesonServerSidetoMakeitWork
-
(I'm with jneves)
OK, some more information...
When I try to login I get the following message:
pam_ldap: error trying to bind as user "uid=marco.silva,ou=Users,dc=servidor,dc=eb23,dc=net" (Invalid credentials)
In ldap.secret I have the secret that is available in the "LDAP info" section in eBox.
rootbinddn is commented out. What is the "cn" I should use? admin? ebox?
-
Have a look at: http://trac.ebox-platform.com/wiki/Document/Documentation/EBoxDesktop#ChangesonServerSidetoMakeitWork
I had already reviewed those. Our current issues are:
1) When syncing from AD, the homeDirectory variable in LDAP is set to the default in the UsersAndGroups module (/nonexistent). I'm building a script to reset that.
2) pam_ldap is refusing to bind with any user. This is getting fun... I'll update the info as soon as I have more information. getent passwd works, showing all users.
Thanks,
João Miguel Neves
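
An added example, not part of the thread or of eBox: one way such a reset script could work, turning `ldapsearch -LLL` output into an LDIF change set for `ldapmodify`. The `/home/<uid>` layout, the uid naming policy and the sample entries under dc=example,dc=net are assumptions; uids imported from AD are validated before being used in a path.

```python
import base64
import re

SAFE_UID = re.compile(r"^[a-z_][a-z0-9_.-]{0,31}$")  # assumed local naming policy
PLACEHOLDER = "/nonexistent"  # default the thread reports after the AD sync

# Constructed sample of `ldapsearch -LLL ... uid homeDirectory` output.
SAMPLE = """\
dn: uid=marco.silva,ou=Users,dc=example,dc=net
uid: marco.silva
homeDirectory: /nonexistent

dn: uid=alice,ou=Users,dc=example,dc=net
uid: alice
homeDirectory: /home/alice

dn: uid=../../etc,ou=Users,dc=example,dc=net
uid: ../../etc
homeDirectory: /nonexistent
"""

def parse_ldif(text):
    """Yield one {attr: value} dict per entry (first value of each attribute)."""
    unfolded = re.sub(r"\n ", "", text)  # LDIF folds long lines with "\n "
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), value.strip())
        yield entry

def build_fix(text, home_root="/home"):
    """Return (ldapmodify LDIF, skipped DNs) for entries still on the placeholder."""
    changes, skipped = [], []
    for e in parse_ldif(text):
        if e.get("homedirectory") != PLACEHOLDER:
            continue
        uid, dn = e.get("uid", ""), e.get("dn", "")
        # Never build a path from an odd uid; non-ASCII DNs are left for manual review.
        if not (dn and dn.isascii() and SAFE_UID.match(uid)):
            skipped.append(dn)
            continue
        changes.append(f"dn: {dn}\nchangetype: modify\nreplace: homeDirectory\n"
                       f"homeDirectory: {home_root}/{uid}\n")
    return "\n".join(changes), skipped
```

Review the generated LDIF and the skipped list before feeding the change set to `ldapmodify`.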
-
Current situation: this works:
ldapsearch -h localhost -D "cn=ebox,dc=mydc" -x -W -b "dc=mydc" '(objectClass=*)' dn
Replacing the -D for one user fails with "ldap_bind: Invalid credentials (49)".
Any clues are welcome,
João Miguel Neves
-
http://trac.ebox-platform.com/ticket/1872 - I'm starting to suspect that I'm finding the same problem as this bug report.