This tutorial will help you integrate your AIX 5L hosts into an existing Microsoft Windows 2003 Active Directory (MSAD) environment. When complete, AIX 5L users will authenticate against the Microsoft KDC and all user information will be stored in the Microsoft Active Directory. User administration...

#10 By Deus on November 6th, 2006

Re: Microsoft Windows 2003 Active Directory integration

Thank you for the tutorial, it was a great help in the initial configuration! One issue has arisen, however. When trying to run the lsldap command to test the LDAP client daemon, I simply get an error "Error getting object(s)". I cannot seem to find any reference to this error in the redbook, on Google, or IBM's site. Any ideas?

#14 By liquidki on May 16th, 2007

First, thanks for the tutorial! Using this and other docs from IBM I was able to set up AD integration using the local (db=BUILTIN) database. So I know the Kerberos authentication works, but I want to use a different database.

Instead of using db=LDAP or BUILTIN, is it supported to use db=NIS? I've done this in Linux using PAM, where the authentication portion is done by Kerberos and all the db-type info (UID, GID, HOMEDIR, etc) is stored in NIS. I'd rather this than LDAP simply because we already have NIS up and running. Is this possible?

I haven't been able to find the documentation for what "db=" options are supported by the KRB5A module. Does anyone have this info?

Thanks!!!
-Michael

#15 By cjs226 on August 21st, 2007

Re: Microsoft Windows 2003 Active Directory integration

I'm getting the following error when running <kinit -kt /etc/krb5/host_my_hostname.keytab>:

- com.ibm.security.krb5.KrbException, status code: 6 message: Client not found in Kerberos database

I also noticed the following when running <ktpass -princ host/my_hostname.my_domain.com@MYDOMAIN.COM -pass passw0rd -out host_my_hostname.keytab -mapuser host_my_hostname>:

- WARNING: pType and account type do not match. This might cause problems.

#16 By skol on August 21st, 2007

Re: Microsoft Windows 2003 Active Directory integration

Hello

I also had this message:

- WARNING: pType and account type do not match. This might cause problems.

I could get past it by adding "-ptype KRB5_NT_PRINCIPAL" to the command. The whole command was

<ktpass -princ host/my_hostname.my_domain.com@MYDOMAIN.COM -ptype KRB5_NT_PRINCIPAL -pass passw0rd -out host_my_hostname.keytab -mapuser host_my_hostname>

Afterwards it worked without any problems.

Regards
Stefan

#17 By cjs226 on August 21st, 2007

Re: Microsoft Windows 2003 Active Directory integration

Thanks! Adding that did indeed get ktpass to complete without errors. Unfortunately, now I get the following when I try my kinit:

Unable to obtain initial credentials. Status 0x96c73a9a - Cannot find KDC for requested realm.

I don't know if it matters, but when I do a list in ktutil, my KVNO is 2, not 3 as in the tutorial.

#18 By skol on August 22nd, 2007

Re: Microsoft Windows 2003 Active Directory integration

Hi

If you run the ktpass command on Windows, you will see the KVNO at the bottom. It is only important that you see the same number when you do the merge with ktutil.

When you have made a new hostname.keytab file, I suggest deleting the old "/etc/krb5/krb5.keytab" and doing the following part of the instructions again:

    # ktutil
    ktutil: rkt /etc/krb5/host_your_hostname.keytab
    ktutil: list
    slot   KVNO   Principal
    ------ ------ ------------------------------------------------------
    1      3      host/your_hostname.your_domain.com@YOUR_DOMAIN.COM
    ktutil: wkt /etc/krb5/krb5.keytab
    ktutil: quit

Regarding the error: please check the /etc/krb5/krb5.conf file. It is quite simple, and you can check the entries for REALM and the KDC and so on.

Regards
Stefan

#19 By cjs226 on August 22nd, 2007

Re: Microsoft Windows 2003 Active Directory integration

Thanks for the continued help but unfortunately, I'm still stuck. I've run unconfigure.krb5 (numerous times) and started from scratch with the same result. Here's my krb5.conf:

    [libdefaults]
        default_realm = MYDOMAIN.COM
        default_keytab_name = FILE:/etc/krb5/krb5.keytab
        default_tkt_enctypes = des-cbc-md5 des-cbc-crc
        default_tgs_enctypes = des-cbc-md5 des-cbc-crc

    [realms]
        MYDOMAIN.COM = {
            kdc = my_domain_controller.mydomain.com:88
            admin_server = my_domain_controller.mydomain.com:749
            default_domain = mydomain.com
        }

    [domain_realm]
        .mydomain.com = MYDOMAIN.COM
        my_domain_controller.mydomain.com = MYDOMAIN.COM

    [logging]
        kdc = FILE:/var/krb5/log/krb5kdc.log
        admin_server = FILE:/var/krb5/log/kadmin.log
        default = FILE:/var/krb5/log/krb5lib.log
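
Added example, not part of the thread or the tutorial: a small Python check for the krb5.conf entries discussed above, confirming that the default realm has a matching [realms] block with a kdc entry and flagging enctype lists that permit only single-DES. The function names and the sample file are constructed for illustration.

```python
import re

WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # single-DES, deprecated by RFC 6649

def parse_krb5_conf(text):
    """Return {section: {key: [values]}}; a 'name = {' block becomes a nested dict."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line and line[0] not in "#;":
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block).setdefault(key, []).append(value)
    return conf

def check_krb5_conf(text):  # returns (problems, kdcs) for the default realm
    conf, problems = parse_krb5_conf(text), []
    lib = conf.get("libdefaults", {})
    realm = (lib.get("default_realm") or [None])[0]
    block = conf.get("realms", {}).get(realm)
    kdcs = block.get("kdc", []) if isinstance(block, dict) else []
    if not kdcs:
        problems.append(f"no kdc for default realm {realm} (realm names are case-sensitive)")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        enctypes = set(" ".join(lib.get(key, [])).replace(",", " ").split())
        if enctypes and enctypes <= WEAK:
            problems.append(f"{key} permits only single-DES")
    return problems, kdcs

# Constructed sample: laid out like the posted file, but the [realms] name is lower case.
SAMPLE = """
[libdefaults]
default_realm = MYDOMAIN.COM
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
[realms]
mydomain.com = {
kdc = my_domain_controller.mydomain.com:88
}
"""

if __name__ == "__main__":
    print(check_krb5_conf(SAMPLE))
```

A file that passes only rules out the configuration layout; the returned kdc entries still have to resolve and be reachable on the listed port.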