
Re: Not able to authenticate Windows and MAC client




On 02/26/2014 05:26 AM, saurabh ohri wrote:
> Hi all,
> 
> I am new to openldap and I managed to install and configure the
> same. My linux client is working well but I am not able to authenticate
> windows and mac clients.
> 
> Have been trying for the past 2 days with Google and other posts but
> still facing the issue. Any help would be highly appreciated.
> 
> Details: using openldap-2.4.23-34 on RHEL6.5
> 
> *Client details:*
> Mac 10.8.5 -- tried configuring the network account server but it is
> showing RED. Error This server is not responding.
> Windows 7 -- tried installing GINA but it is giving me invalid
> credentials error.
> 
> Configuration file on server:
> 
> Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=j,dc=example,dc=com> (default) with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # j.example.com
> dn: dc=j,dc=example,dc=com
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: example Organization
> description: example Inc DIT
> dc: j
> 
> # Users, j.example.com
> dn: ou=Users,dc=j,dc=example,dc=com
> objectClass: organizationalUnit
> ou: Users
> 
> # Groups, j.example.com
> dn: ou=Groups,dc=j,dc=example,dc=com
> objectClass: organizationalUnit
> ou: Groups
> 
> # Admins, j.example.com
> dn: ou=Admins,dc=j,dc=example,dc=com
> objectClass: organizationalUnit
> ou: Admins
> 
> # sohri, Users, j.example.com
> dn: uid=sohri,ou=Users,dc=j,dc=example,dc=com
> uid: sohri
> cn: sohri
> sn: 1
> objectClass: top
> objectClass: posixAccount
> objectClass: inetOrgPerson
> loginShell: /bin/bash
> homeDirectory: /home/sohri
> uidNumber: 15000
> gidNumber: 10000
> userPassword:: e1NTSEF9eWdkWExpZUdIT01YRytRM3ZmZWdNY3QwSmd2bFNqSkcg
> mail: sam.ohri@example.com
> gecos: Local User
> 
> # tpearce, Users, j.example.com
> dn: uid=tpearce,ou=Users,dc=j,dc=example,dc=com
> uid: tpearce
> cn: tpearce
> sn: 2
> objectClass: top
> objectClass: posixAccount
> objectClass: inetOrgPerson
> loginShell: /bin/bash
> homeDirectory: /home/tpearce
> uidNumber: 15001
> gidNumber: 10000
> userPassword:: e1NTSEF9eWdkWExpZUdIT01YRytRM3ZmZWdNY3QwSmd2bFNqSkc=
> mail: tony.pearce@example.com
> gecos: local User
> 
> # ldapusers, Groups, j.example.com
> dn: cn=ldapusers,ou=Groups,dc=j,dc=example,dc=com
> objectClass: posixGroup
> objectClass: top
> cn: ldapusers
> userPassword:: e2NyeXB0fXg=
> gidNumber: 10000
> memberUid: uid=sohri
> memberUid: uid=tpearce
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 8
> # numEntries: 7
> 
> 
> Regards Sam

Windows is created to work against an Active Directory system, meaning
you have an LDAP authorization and Kerberos authentication. Connecting
Windows to an LDAP for both is problematic to say the least. The
easiest solution is using SAMBA against LDAP and make the Windows
systems login against the SAMBA server.
If you like to make it work with GINA, contact them, and to understand
what is going on you might want to read:
http://pig.made-it.com/win-boot-test.html
No guarantees, I did my best to document what is happening. Hope I did
it right.

Mac OS X did once work against LDAP, I have no idea what the current
state is. On 10.6.5 go to Preferences, Accounts. Click Login Options
go to Account Server and click Join. Select OpenDirectory utility.
Click LDAPv3 and click the edit button. Click show options, click New,
type the address of your ldap server. Give your account credentials,
pick template RFC 2307, set search base. And you're done...

And finally: None of your problems is OpenLDAP related since it works
on your Linux machine.

Greetings,

Dennis
-- 
ICT Medewerker
Divisie Biomedische Genetica
UMC Utrecht
Heidelberglaan 100 STR2.126
3584 CX  Utrecht
The Netherlands
06 27744048
intern: 64048