Blogs Classifieds Downloads FlashChat Gallery Googlemap Invite Friends Links Projects Reviews Wiki
 
Home Forums Register FAQ Members List Calendar Mark Forums Read

Go Back pSeries Tech Talk Forums pSeries Tech Info Tech Support Library Tutorials
Reload this Page

Microsoft Windows 2003 Active Directory integration

Discuss Microsoft Windows 2003 Active Directory integration on the 'Tutorials' forum of pSeriesTech.org. Talk about Microsoft Windows 2003 Active Directory integration with the IBM pSeries Technical Support Community.

Welcome to the pSeries Tech Forums, our free peer-based support site for administrators, engineers and architects working with IBM pSeries servers and software.

You are currently viewing our site as a guest which gives you limited access to view most discussions, articles, tutorials and access our other free features. By joining our community you will be able to collaborate with administrators, engineers and architects charged with designing, delivering or maintaining IBM pSeries server environments.

Founded by a recognized IBM pSeries consultant and IBM Redbook author, pSeries Tech Forums was developed with the single mission of bringing IBM pSeries professionals together into a single self-help community.

Registration is fast, simple and absolutely free to all IT professionals with responsibility for or interest in IBM pSeries servers. We invite you to join our community today!

If you have any problems with the registration process or your account login, please contact contact support.

Our Sponsors
Want to advertise?  


Comment
Page 1 of 3 1 23 >
 
LinkBack (1) Tutorial Tools
<!-- google_ad_section_start -->Microsoft Windows 2003 Active Directory integration<!-- google_ad_section_end -->
Microsoft Windows 2003 Active Directory integration
Fred Sherman, pSeries Engineer
Published by FASherman
June 24th, 2006
Introduction
This tutorial will help you integrate your AIX 5L hosts into an existing Microsoft Windows 2003 Active Directory (MSAD) environment. When complete, AIX 5L user will authenticate against the Microsoft KDC and all user information will be stored in the Microsoft Active Directory. User administration will no longer take place at the server level.

This tutorial assumes that your Microsoft Windows domain is already installed and configured.

Microsoft Windows 2003 Active Directory configuration

Installing the Active Directory Schema MMC Snap-in

Install the Active Directory Schema snap-in for MMC so you can browse and modify the schema in your directory. The procedure to install the MMC snap-in is as follows:
  1. Register the Active Directory Schema Master snap-in. This is accomplished by running the following command: regsvr32 schmmgmt.dll
  2. Start the Management Console (MMC) by selecting Start, then Run. Type mmc /a and select OK.
  3. Select the File Add/Remove Snap-in menu to open the Add/Remove Snap-in dialog.
  4. Select the Add button to open the Add Standalone Snap-In dialog. Select the Active Directory Schema snap-in and then the Add button.
  5. Select Close and then the OK button to complete the snap-in installation.
  6. Select File Save as and save the console configuration in the %SYSTEMROOT%\system32 directory with a file name of schmmgmt.msc.
  7. Create a shortcut in the Administrative Tools folder in your Start menu by right-clicking Start and then Open All Users. Select the Program folder and then the Administrative Tools folder.
  8. Select File New Shortcut. Then enter the location of the saved console, %SYSTEMROOT%\system32\schmmgmt.msc, in the “Type the location of the item” field. Select Next to continue.
  9. Enter the name of the new shortcut, Active Directory Schema, in the “Type a name for this shortcut” field.
  10. Start the Windows Active Directory Schema management tool by selecting StartAdministrative tools Active Directory Schema.
Install Microsoft Windows Services for UNIX (SFU)
  1. Download Microsoft Windows Services for UNIX 3.5 from the Microsoft Web site: http://www.microsoft.com/windowsserv...u/default.mspx
  2. Unzip the downloaded file by executing it and select the destination folder to unzip the SFU Installation into.
  3. Start the installation of SFU by selecting Start, then Run. Select Browse and select the program setup.exe in the folder you unpacked SFU into. Select Open to select the program to execute, then select OK to continue.
  4. At the welcome to SFU dialog, select Next to continue.
  5. At the Customer Information dialog, enter the appropriate information into the User name and Organization fields. Select Next to continue.
  6. At the License and Support Information dialog, read the license agreement and select the I accept the agreement option. Select Next to continue.
  7. At the Installation options dialog, select the Custom installationNext to continue.
  8. At the Selecting Components dialog, select the NIS Server for installation. Select Next to continue.
  9. Select Next to continue.
  10. Accept the default installation location of C:\SFU by selecting the Next
  11. Installation of SFU is complete. Select Finish to continue.
  12. After the installation, the installer will upgrade the Active Directory schema with the SFU schema. This upgrade is not reversible. Select Next
  13. Reboot the server to complete the installation.
Contents

Tutorial Tools
Show Printable Version Show Printable Version
Email this Page Email this Page

  #1  
By alexisl on June 25th, 2006
Re: Microsoft Windows 2003 Active Directory integration
I have to say that this is the best documentation on how to do this that I have seen. Thank You very much.
Reply With Quote
  #2  
By FASherman on June 25th, 2006
Re: Microsoft Windows 2003 Active Directory integration
My pleasure.
Reply With Quote
  #3  
By s.fida on June 25th, 2006
Re: Microsoft Windows 2003 Active Directory integration
thanks FASherman i ll try it monday. thanks for the reply.
Reply With Quote
  #4  
By loot on June 30th, 2006
Re: Microsoft Windows 2003 Active Directory integration
This is an excellent tutorial! Nice job, FASHerman.
Reply With Quote
  #5  
By s.fida on August 14th, 2006
Re: Microsoft Windows 2003 Active Directory integration
Dear FASherman
Im trying to implement your article, but i have a problem. I dont know in what server 2003 you have tried, im testing on 2003 R2 EE and it seams that something is changed by defualt.

Here is the error:

Unable to obtain initial credentials.
Status 0x96c73a06 - Client not found in Network Authentication Service database or client locked out.

Every things goes well till the ktpass command. Using the command as you have showed for me it generates a different result. Im using this command to obtain des-cbc-md5. In your case it gives me a different encryption ((RC4-HMAC) keylength 16 (0xf28aee2115daf113ecf9f57b8cffc59e)).

C:\Program Files\Support Tools>ktpass -princ host/dca.xxx.xxx.xx@XXX.XXX.XX -m
apuser host_dca -pass h@stADC -out host_dca.keytab -pType KRB5_NT_PRINCIPAL /cry
pto DES-CBC-MD5
Targeting domain controller: DCA.xxx.xxx.xx
Using legacy password setting method
Successfully mapped host/dca.xxx.xxx.xx to host_dca.
Key created.
Output keytab to host_dca.keytab:
Keytab version: 0x502
keysize 59 host/dca.seeu.edu.mk@SEEU.EDU.MK ptype 1 (KRB5_NT_PRINCIPAL) vno 8 et
ype 0x3 (DES-CBC-MD5) keylength 8 (0xe529e5b3ad79d01a).

As you can see i obtain a des-cbc-md5 but the account is not set to DES only encryption.
What do you think on this, where the problem for this error?
Reply With Quote
  #6  
By alexisl on August 22nd, 2006
Re: Microsoft Windows 2003 Active Directory integration
I am finally able to get the stuff I need from the Windows side of the house and I have gone through and set up just about everything when I noticed that there is nothing in the documentation for excluding users. Is this still done in the /etc/security/user file? I don't want to turn it on system-wide until I am able to test a couple accounts to see how it reacts with some of our other applications.
Reply With Quote
  #7  
By s.fida on August 23rd, 2006
Re: Microsoft Windows 2003 Active Directory integration
I managed to pass the problem above with ktpass. I needed to add something else that ktpass to give the result as shown in the tutorial.
The problem that i have now is that i can't do a telnet with the users created from AD, and even the homes of the users are not created in AIX.
What i can do is su - username which actually work in this case from AIX so the users is created and even when im doing either lsuser username or lsgroup group it gives me that it is created.

Anyone has an idea what it can be the problem on this?
Reply With Quote
  #8  
By ColinRenouf on September 19th, 2006
Smile Re: Microsoft Windows 2003 Active Directory integration
This tutorial is brilliant but I have a couple of questions.....

1) 5.3 TL5 was supposed to include "native AD integration" to make integrating with AD (W2K3 R2) "seamless" and "easy". I can't find anything specific on the pSeries and AIX Information Centre so.... Does this tutorial change with the TL5 features?

2) Secondly, TL5 was supposed to make use of the standard RFC2307 schema and W2KR2 was supposed to support the standard RFC2307 for general Unix integration. This schema is not specific to Windows Services for Unix but is an industry standard so.....Does this tutorial change with the RFC2307 side of things?

Cheers

Colin
Reply With Quote
  #9  
By ColinRenouf on September 20th, 2006
Re: Microsoft Windows 2003 Active Directory integration
I think that now the SFU component isn't needed if the R2 RFC 2307 schema is installed and that installation is as for any standard LDAP except for the enabling of Kerberos for use with LDAP, i.e. the KRB5A options=authonly setting in methods.cfg. I'm going to have a go with this and document my results. One question though - can the AD "host" be a canonical alias for a number of DCs?
Reply With Quote
Comment
Page 1 of 3 1 23 >

Bookmarks

These are the 100 most searched terms
Search Cloud
0042-001 0042-001 nim 0042-302 0513-001 the system resource controller daemon is not active 0513-001 the system resource controller daemon is not active. 0514-061 0514-061 cannot find a child device 0514-061 cannot find a child device. 0516-787 extendlv 0516-787 extendlv: maximum allocation for logical volume 110000ac aa00e1f3 aio aix aix aio aix rsync aixif_arp_dup_addr b181fb53 ba010004 ba210000 c1001020 d133c002 dacnone dcb47997 dlpar fcp_array_err6 fget_config gnu tar aix gtar aix hi yall hmc 7 hmc root password hmc vmware hscl05db ibm p6 ibm p6 520 libpopt aix libpopt.a libpopt.a(libpopt.so.0) is needed by rsync-2.6.2-1 mksysb navisphere agent nim server pseries pseries led 610 pseriestech redhat vs suse rsync aix scan_error_chrp vio server websm xhost file ... powered by Simple Search Cloud

« How to Use the Advanced System Management Interface for Troubleshooting and Recovery | NIM server and client operations »

LinkBacks (?)
LinkBack to this Thread: http://www.pseriestech.org/forum/tutorials/microsoft-windows-2003-active-directory-integration-65.html
Posted By For Type Date
Discover From Your Favorite Topic or Web Page: subversion Windows Active Directory This thread Refback June 17th, 2008 07:01

Currently Active Users Viewing This Tutorial: 1 (0 members and 1 guests)
 
Tutorial Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Tutorial Tutorial Starter Category Comments Last Post
Knocks Solutions KNOCKSsolutions Announcements 0 June 9th, 2007 04:49
Active Directory Authentication bebenianne AIX for POWER Systems 4 June 6th, 2007 08:43
CIFS NFS V4 Windows 2003 server Clients John G Harney AIX for POWER Systems 0 September 20th, 2006 15:14



Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.2.0 RC7
Powered by vbWiki Pro 1.3 RC5. Copyright ©2006-2007, NuHit, LLC

vBulletin Skin developed by: vBStyles.com

Tutorial powered by GARS 2.1.8m ©2005-2006

pSeries Tech Talk - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43