Re: LDAP signing and Linux clients




That would be a great question to ask them, Paul. I've not had reason to
test that out, although I can't think of a reason it would not at the
moment. I can tell you that no matter what template you use, you'll want to
test the clients that access it extensively.

Al



"Paul Nelson" <nelson@xxxxxxxxxxx> wrote in message
news:BE927993.2D428%nelson@xxxxxxxxxxxxxx
> Does Centrify work with domain controllers with the HISECDC template
> applied?
>
> in article #8TM#$GSFHA.2788@xxxxxxxxxxxxxxxxxxxx, Al Mulnick at
> amulnick_No_SPAM@xxxxxxxxxxx wrote on 4/23/05 8:50 PM:
>
>> I remember trying some of these as well. I thought this was a better use
>> of time http://www.centrify.com
>> Much simpler and MUCH less time to implement.
>>
>> Al
>>
>> "Paul Nelson" <nelson@xxxxxxxxxxx> wrote in message
>> news:BE904923.2CE9D%nelson@xxxxxxxxxxxxxx
>>> I have done some work on getting LDAP signing and encryption to work
>>> with Kerberos. Some versions of GSSAPI do not work properly with
>>> encryption, but do work with signing. I also believe there is a bug in
>>> Microsoft's LDAP signing implementation, but that isn't a big deal. This
>>> has to do with how they interpret certain bits in the GSS authentication.
>>>
>>> If you want to email me directly, I could give you more info.
>>>
>>> Paul Nelson
>>> Thursby Software Systems
>>> nelson@xxxxxxxxxxx
>>>
>>> in article 93BD8D97-90E9-49A6-B537-FD590AA9E23A@xxxxxxxxxxxxx, Jonas
>>> Back at jonasback@xxxxxxxxx wrote on 4/21/05 12:46 PM:
>>>
>>>> We have an AD running on Win 2003 servers. We have secured our domain
>>>> and one of the settings we've secured is "Network security: LDAP client
>>>> signing requirements", which is set to "Negotiate signing".
>>>>
>>>> In our lab I successfully installed SFU (Services for Unix) and wanted
>>>> our Linux (Red Hat) clients to be able to ask LDAP questions to our DCs
>>>> and also make it possible for them to share drives using Samba and let
>>>> the users authenticate against our AD. I know that Win 2003 doesn't
>>>> support anonymous bind so I use a user to bind LDAP. Both these
>>>> scenarios work fine in my lab using Fedora Core 3 clients.
>>>>
>>>> Now when I try this in our production environment where we have RH ES 3
>>>> servers it doesn't work and that's probably because we demand LDAP
>>>> signing. I found some bug on the Samba website regarding this:
>>>> https://bugzilla.samba.org/show_bug.cgi?id=765
>>>> It recommends using certificates for SSL/TLS instead of just signing,
>>>> but we're in a phase where we don't want to go too deep into
>>>> certificates - we just want to get it to work.
>>>>
>>>> I can go into detail in this matter but I just want to hear if someone
>>>> else has had this problem or if someone can explain the details in this
>>>> issue. Is there some kind of dependence between LDAP (OpenLDAP) and
>>>> Samba? Especially when it comes to securing the above LDAP setting. I'm
>>>> no Linux expert and since Linux experts seldom are Active Directory
>>>> experts I find it hard to find this kind of information.
>>>>
>>>> Thanks!
>>>
>>>
>>
>>
>
>
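
As an added example, not code from anyone in this thread: a small Python check of an OpenLDAP client configuration against a domain controller that requires LDAP signing, with a constructed weak config (user/password simple bind over plain ldap://, the approach the original post describes) beside a constructed one that binds with SASL/GSSAPI and a signing-only integrity layer. The hostnames, DNs and ldap.conf samples are assumptions; the directives URI, SASL_MECH and SASL_SECPROPS are real ldap.conf directives.

```python
import re

# Constructed sample (not from the thread): simple bind as a user over
# plain ldap://. A DC that requires signing rejects this with LDAP result 8
# (strongerAuthRequired) because nothing protects the bind.
WEAK_LDAP_CONF = """\
URI ldap://dc1.example.corp
BASE dc=example,dc=corp
BINDDN cn=ldapbind,cn=Users,dc=example,dc=corp
"""

# Constructed sample: same client, Kerberos via SASL/GSSAPI with an integrity
# layer. maxssf=1 keeps the negotiation at signing only, since the thread
# reports sealing (ssf > 1) failing with some GSSAPI builds.
SIGNED_LDAP_CONF = """\
URI ldap://dc1.example.corp
BASE dc=example,dc=corp
SASL_MECH GSSAPI
SASL_SECPROPS minssf=1,maxssf=1
"""

def parse_ldap_conf(text):
    """Map ldap.conf directives to their values; comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = re.split(r"\s+", line, maxsplit=1)
            conf[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return conf

def parse_secprops(value):
    """Turn 'minssf=1,maxssf=1,noplain' into {'minssf': 1, 'maxssf': 1, 'noplain': True}."""
    props = {}
    for item in filter(None, value.split(",")):
        name, _, num = item.partition("=")
        props[name.strip()] = int(num) if num else True
    return props

def signing_status(text):
    """Classify a client config against a DC that requires LDAP signing:
    'ldaps' (TLS protects the bind), 'gssapi-signing' (integrity layer pinned
    by minssf >= 1), 'gssapi-unpinned' (GSSAPI but the client would also
    accept no layer), or 'simple-bind-clear' (rejected by such a DC)."""
    conf = parse_ldap_conf(text)
    if conf.get("URI", "").lower().startswith("ldaps://"):
        return "ldaps"
    if conf.get("SASL_MECH", "").upper() == "GSSAPI":
        props = parse_secprops(conf.get("SASL_SECPROPS", ""))
        return "gssapi-signing" if props.get("minssf", 0) >= 1 else "gssapi-unpinned"
    return "simple-bind-clear"
```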

