AD Authentication

Discussion and support for all Linux distributions and Unix flavours (FreeBSD, OpenBSD, etc).
Post Reply
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

AD Authentication

Post by DarkRanger »

After I have decided to format ubuntu and reinstall everything the way it should be, I looked for alternative ways to do Authentication.

Now, I came across this guide. And after going through all the steps, I get this weird error.

Code: Select all

kinit: KDC reply did not match expectations while getting initial credentials
Should I install something on the Win2K3 server to get this to work?
Image
User avatar
rustypup
Registered User
Posts: 8872
Joined: 13 Dec 2004, 02:00
Location: nullus pixius demonica
Contact:

Re: AD Authentication

Post by rustypup »

common hiccup....

kerberos can be... interesting times....
Most people would sooner die than think; in fact, they do so - Bertrand Russel
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: AD Authentication

Post by DarkRanger »

Ok, that worked. Now how do I integrate that into our intraweb... I assume I have made a slight error in assuming that if I get this to work I'll automatically be able to log in from our intraweb. But it occured to me that I'll have to insert some code somewhere.

Damn I'm such an idiot...

So I'll still have to go the LDAP route.

On the server where the intraweb will be hosted, I'll have to install an LDAP client (openLDAP client) and on the server where authentication will happen (Windows 2K3), I'll have to install an LDAP Server (openLDAP server). Is this correct?
Image
User avatar
rustypup
Registered User
Posts: 8872
Joined: 13 Dec 2004, 02:00
Location: nullus pixius demonica
Contact:

Re: AD Authentication

Post by rustypup »

oops... you're running 9.10?... :lol: one of the primary reasons for my sticking to LTS releases.... :/...

OpenLDAPServer setup
Most people would sooner die than think; in fact, they do so - Bertrand Russel
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: AD Authentication

Post by DarkRanger »

This is all nice and what not, but I still have no idea how to authenticate a user using the Active Directory so that they can log into the Intraweb.

The intraweb is on the ubuntu machine, and the Active Directory is on the Win2K3 server, and I'm using PHP. How do I do it.
Image
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: AD Authentication

Post by DarkRanger »

Okay, so I followed the thread on how to install and configure LDAP.

Now, I want to install adLDAP as it looks like a simple solution. The thing is, with the setup, I get stuck at this step. I type in this command:

Code: Select all

administrator@ubuntu:~/openldap-2.4.21$ sudo ./configure --with-ldap
Then it runs through a lot of steps but finally stops, with this error:

Code: Select all

checking db.h usability... no
checking db.h presence... no
checking for db.h... no
configure: error: BDB/HDB: BerkeleyDB not available
So I Googled it. Turns out I had to install BerkeleyDB which I did. Got the error again, so I did what was described on this page (including what is said in the comment section). Still get that darn error (obviously changed the numbers and words in the commands to fit my PC).

Does anyone know how to fix the problem?
Image
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: AD Authentication

Post by DarkRanger »

Okay, it is working. :D
Image
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: AD Authentication

Post by DarkRanger »

DarkRanger wrote:Okay, it is working. :D
Sometimes I wish that I give more clarity on my solution. :cry: :cry:
Image
User avatar
rustypup
Registered User
Posts: 8872
Joined: 13 Dec 2004, 02:00
Location: nullus pixius demonica
Contact:

Re: AD Authentication

Post by rustypup »

:lol: ... also keep likewise-open in mind....
Most people would sooner die than think; in fact, they do so - Bertrand Russel
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: AD Authentication

Post by DarkRanger »

Ok, so again I got LDAP to work. This time, on an external server (41.72.132.170). NOW, that server needs to connect to our internal server. I get that right: I connect using ldap, it says that the servers are connected and voila, all works. BUT, for some or other reason it says login credentials are incorrect. I use the same credentials that I log into the actual server with. Is this incorrect? Should I create a username and password somewhere?

Any help regarding this would be awesome!!
Image
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: AD Authentication

Post by DarkRanger »

Ok some progress. I now get it to bind with the server. If you look at this page, it actually binds and logs in with our administative account. But it doesn't want to log in when I go to /index.php and type in my username and password. It says: Invalid credentials... and that username and password is correct! To understand what I mean, go to the login page, type anything (because it does the bind before it does the actual username and password check) and look at the error. That error is given by using the same username and password as the ldaptest.php page.
Image
DarkRanger
Registered User
Posts: 8346
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: AD Authentication

Post by DarkRanger »

DarkRanger wrote:
DarkRanger wrote:Okay, it is working. :D
Sometimes I wish that I give more clarity on my solution. :cry: :cry:
AAAAAAAAAARGH!!!
Image
Post Reply