LDAP Authentication between Debian and Active Directory
Has anybody managed to implement an LDAP connection between Debian and
Microsoft's Active Directory?
I've tried Woody and Sarge but am unable to login with either of them.
It would be of great help to me if I could ascertain if it is at all
possible to achieve the connection with standard Debian packages
(libpam-ldap/libnss-ldap) or whether alterations/improvements
(bug-fixes?) are necessary.
According to the package descriptions, the necessary arguments
(--enable-rfc2307bis and --enable-schema-mapping) have been compiled in.
I would be grateful if anyone could provide detailed tips.
I've attached a more detailed description of the problem.
I've contacted various experts but up till now with no success. I'm
The constellation is as follows:
Windows -> Windows 2003 DC with ServicesForUnix 3.5
Debian -> (Version ????) with libpam-ldap and libnss-ldap installed.
In ldap.conf I've included a user with binddn/bindpw that is authorised
to bind to the Windows 2003 domain. (For safety / to cover all
eventualities) I've linked all possible config files
(/etc/libnss-ldap.conf, /etc/pam_ldap.conf, ...).
/etc/nsswitch.conf is as follows:
passwd files ldap
group files ldap
shadow files ldap
/etc/pam.d/login is as follows:
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so
password sufficient pam_ldap.so
password sufficient pam_unix.so
I can read all the attributes using ldapsearch, so I assume that the
bind user has functioned correctly.
Another Linux Box (Suse 9.2) works like a dream, so I also assume that
the Windows configuration is OK.
Using a network monitoring tool, I can see that the only difference
between the Debian and Suse logins is that Debian
doesn't request the attributes of the user on the Windows 2003 DC. The
login then obviously fails. The preceding bind with the bind user is successful.
Could the problem lie in the Debian modules (pam_ldap.so, ...)?
I'd be glad in the first place if somebody could confirm that Debian and
Windows 2003 actually can communicate via LDAP.
Any further tips which could help clarify the problem would be appreciated.
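One check worth doing before suspecting the PAM modules is to separate the NSS lookup from the PAM login. SFU 3.x stores the POSIX data under msSFU30-prefixed attribute names (msSFU30UidNumber, msSFU30GidNumber, ...), not under the RFC 2307 names (uidNumber, gidNumber, ...) that nss_ldap asks for by default, so without nss_map_attribute lines in ldap.conf the user lookup returns nothing and the login fails even though the bind worked. The script below is an added example, not part of the original post and not Debian's or PADL's code: it takes an LDIF dump of a user entry, reports which attribute set the entry carries, rebuilds the passwd line nss_ldap should return (to compare with getent), and prints the mapping directives an SFU 3.x entry needs. The sample entry is constructed, and the msSFU30 attribute names and the nss_map_* directive names are assumed from the SFU 3.x schema and nss_ldap's schema-mapping documentation; confirm them against your own ldapsearch output.

```shell
#!/bin/sh
# Added example, not from the original post or from the Debian/pam_ldap projects.
# Checks an LDIF dump of an AD user entry for the POSIX attributes that
# nss_ldap/pam_ldap need and shows which ldap.conf mapping lines it calls for.

# Constructed sample: roughly what an SFU 3.5 user entry looks like when dumped
# with "ldapsearch -x -LLL". Names and numbers are made up.
SAMPLE_LDIF='dn: CN=jdoe,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: jdoe
msSFU30Name: jdoe
msSFU30UidNumber: 10001
msSFU30GidNumber: 10000
msSFU30HomeDirectory: /home/jdoe
msSFU30LoginShell: /bin/bash'

# ldif_attr LDIF ATTR: print the first value of ATTR, comparing names
# case-insensitively as LDAP does. Prints nothing if the attribute is absent.
# Base64 values ("attr:: ...") are not decoded; they will not match here.
ldif_attr() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$1" | awk -F': ' -v want="$want" \
        'tolower($1) == want { print $2; exit }'
}

# posix_schema LDIF: report which attribute set the entry carries.
#   rfc2307 - uidNumber/gidNumber, what nss_ldap expects without mapping
#   sfu30   - msSFU30UidNumber/msSFU30GidNumber (SFU 3.x), needs nss_map_* lines
#   none    - no POSIX data at all, so NSS cannot build a passwd entry
posix_schema() {
    if [ -n "$(ldif_attr "$1" uidNumber)" ] && [ -n "$(ldif_attr "$1" gidNumber)" ]; then
        echo rfc2307
    elif [ -n "$(ldif_attr "$1" msSFU30UidNumber)" ] && [ -n "$(ldif_attr "$1" msSFU30GidNumber)" ]; then
        echo sfu30
    else
        echo none
    fi
}

# passwd_line LDIF: build the passwd(5) line nss_ldap should return for the
# entry; compare it with "getent passwd <user>" on the Debian box.
passwd_line() {
    case "$(posix_schema "$1")" in
        rfc2307) name=$(ldif_attr "$1" uid); p='' ;;
        sfu30)   name=$(ldif_attr "$1" msSFU30Name); p='msSFU30' ;;
        *)       echo "no POSIX attributes in entry" >&2; return 1 ;;
    esac
    uidn=$(ldif_attr "$1" "${p}UidNumber")
    gidn=$(ldif_attr "$1" "${p}GidNumber")
    home=$(ldif_attr "$1" "${p}HomeDirectory")
    shell=$(ldif_attr "$1" "${p}LoginShell")
    gecos=$(ldif_attr "$1" displayName)
    printf '%s:x:%s:%s:%s:%s:%s\n' "$name" "$uidn" "$gidn" \
        "${gecos:-$name}" "${home:-/}" "${shell:-/bin/sh}"
}

# sfu30_map_lines: the nss_ldap mapping directives an SFU 3.x entry needs in
# ldap.conf (assumed from nss_ldap's schema-mapping documentation; the
# --enable-schema-mapping build option is what makes nss_map_* lines work).
sfu30_map_lines() {
    cat <<'EOF'
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos displayName
EOF
}

# Demo on the constructed entry.
schema=$(posix_schema "$SAMPLE_LDIF")
echo "schema: $schema"
passwd_line "$SAMPLE_LDIF"
if [ "$schema" = sfu30 ]; then
    echo "ldap.conf needs:"
    sfu30_map_lines
fi
```

To use it against a real entry, source the script and feed it the output of `ldapsearch -x -LLL -D "$binddn" -W -b "$base" '(sAMAccountName=jdoe)'`, e.g. `passwd_line "$(ldapsearch ...)"`, then run `getent passwd jdoe` on the Debian box. If getent prints nothing while the script builds a line, NSS is not resolving the user and the fix belongs in /etc/libnss-ldap.conf (the mapping lines above, plus the base and scope), not in the PAM stack; if getent works but login does not, the problem is in pam_ldap's side.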