[PLUG] AD authentication using LDAP over SSL not working

Ratnakar Sagare ratnakar.sagare at gmail.com
Thu Jul 20 19:20:45 IST 2006


Hi Friends,
I am trying to configure a single sign-on mechanism in my hybrid
environment containing Windows & Linux hosts. I am using Windows
Server 2003 R2 as my authentication server. It successfully
authenticates Linux nodes in the normal configuration (without SSL).
But when I try to do the same with SSL, it doesn't work. I have
installed a CA on the Win2k3 server and the certificate in PEM
format is also copied to the necessary location at the Linux node. Still
it is not working as desired.
The output of 'getent passwd' shows all the accounts on the AD server but does
not terminate & does not give me the root prompt.
Here's my /etc/ldap.conf file.
--------------------------------------START----------------------------------------------
host 192.168.30.215
base cn=Users,dc=qualex,dc=com
uri ldaps://192.168.30.215/
ldap_version 3
binddn cn=ldaptest,cn=Users,dc=qualex,dc=com
bindpw TestLdapSSL123
ssl on
TLS_CACERT      /etc/ssl/certs/cacert.pem
TLS_REQCERT     never
port    636
scope   sub
timeout 30
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute cn sAMAccountName
nss_map_attribute uniqueMember msSFU30PosixMemberOf
nss_map_attribute userPassword unixUserPassword
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute       loginShell LoginShell
nss_map_attribute       gecos name
nss_map_objectclass     posixGroup Group
pam_login_attribute     sAMAccountName
pam_filter              objectclass=User
pam_password ad
nss_base_passwd         cn=Users,dc=qualex,dc=com?sub
nss_base_shadow         cn=Users,dc=qualex,dc=com?sub
nss_base_group          cn=Users,dc=qualex,dc=com?sub
----------------------------------------------------END--------------------------------------
Can you please look into this?

Thanks in advance,

Ratnakar
www.qualexsystems.com
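As an added illustration (not part of the post above), the following Python script audits a pam_ldap/nss_ldap style ldap.conf for settings that silently weaken LDAPS and, separately, performs a verified TLS handshake against the domain controller. The sample configuration is constructed from the post with the bind password replaced by a placeholder; the function names and the finding wording are my own.

```python
import socket
import ssl

# Constructed sample: the LDAPS-related lines from the post, bindpw redacted.
SAMPLE_LDAP_CONF = """\
host 192.168.30.215
base cn=Users,dc=qualex,dc=com
uri ldaps://192.168.30.215/
binddn cn=ldaptest,cn=Users,dc=qualex,dc=com
bindpw REDACTED-PLACEHOLDER
ssl on
TLS_CACERT      /etc/ssl/certs/cacert.pem
TLS_REQCERT     never
port    636
"""

def parse_ldap_conf(text):
    """Return {key: value} for 'key value' lines; keys are case-folded."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def audit_ldap_conf(text):
    """Flag settings that weaken LDAPS; returns a list of finding strings."""
    conf = parse_ldap_conf(text)
    findings = []
    # OpenLDAP's default when TLS_REQCERT is absent is 'demand'.
    reqcert = conf.get("tls_reqcert", "demand").lower()
    if reqcert in ("never", "allow"):
        findings.append(f"tls_reqcert {reqcert}: the server certificate is not "
                        "verified, so TLS_CACERT has no effect; use 'demand'")
    if conf.get("uri", "").startswith("ldaps://") and "tls_cacert" not in conf:
        findings.append("ldaps:// without tls_cacert: no trust anchor for the AD CA")
    if "bindpw" in conf:
        findings.append("bindpw in ldap.conf: keep the file root-only or use "
                        "rootbinddn with /etc/ldap.secret")
    return findings

def probe_ldaps(host, cafile, port=636, timeout=5):
    """Verified TLS handshake to the DC; returns the server cert subject.
    The cert must carry the host name or IP used in 'uri', or this fails,
    exactly as libldap does with TLS_REQCERT demand."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]
```

Running `audit_ldap_conf` on the sample reports the `TLS_REQCERT never` line and the bind password in the file; `probe_ldaps("192.168.30.215", "/etc/ssl/certs/cacert.pem")` needs network access to the DC and raises `ssl.SSLCertVerificationError` when the exported CA does not actually sign the DC's certificate.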



