[KLUG Members] Managing AD from Linux?

Adam Tauno Williams adam at morrison-ind.com
Fri Dec 30 15:20:12 EST 2005


On Fri, 2005-12-30 at 13:40 -0500, Bruce Smith wrote:
> > > supportedSASLMechanisms: GSSAPI
> > > supportedSASLMechanisms: DIGEST-MD5
> > It supports DIGEST-MD5 so it is worth trying an ldapmodify with an MD5
> > bind (be sure to use encryption).  Level of access in AD is often
> > related to the 'strength' of your connection.
> I've been trying all morning without luck.  When I try digest-md5 I get:
> "The digest-uri does not match any LDAP SPN's registered for this
> server., data 0, vece"

Buggers, what does your LDAP command look like?

> I even tried GSSAPI.  I can run kinit and get a ticket from AD, 
> but ldapsearch says:
> "Miscellaneous failure (Server not found in Kerberos database)"
> Is this because I haven't "joined the domain"?  

:) Joined which domain?  This terminology gets all twisted around.

> Or there is no record in AD for my Linux box? 

This would be my guess, a key exchange won't work if name resolution
doesn't work.

>  (currently looking at the samba-howto to find out
> how to join a domain - without luck so far)
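An added example, not part of the original message: both errors quoted in the thread concern the service name `ldap/<host>` that the client derives from the hostname it connects to, so this sketch checks forward and reverse DNS for a host and lists the service names a client could end up requesting. The hostnames and addresses are constructed, and it assumes the client library may canonicalize the name through reverse DNS.

```python
import ipaddress
import socket

# Constructed sample DNS data (not from the thread): dc1 is consistent, dc2 has a stale PTR.
FORWARD = {"dc1.example.test": ["192.0.2.10"], "dc2.example.test": ["192.0.2.11"]}
REVERSE = {"192.0.2.10": "dc1.example.test", "192.0.2.11": "oldbox.example.test"}

def table_forward(name):
    if name.lower() not in FORWARD:
        raise socket.gaierror(f"no address for {name}")
    return FORWARD[name.lower()]

def table_reverse(addr):
    if addr not in REVERSE:
        raise socket.herror(f"no PTR for {addr}")
    return REVERSE[addr]

def live_forward(name):  # real resolver, for checking your own directory server
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 389, type=socket.SOCK_STREAM)})

def live_reverse(addr):
    return socket.gethostbyaddr(addr)[0]

def check_sasl_host(host, forward=table_forward, reverse=table_reverse):
    """Return (service_names, problems) for the host given in ldap://host."""
    problems, names = [], set()
    try:
        ipaddress.ip_address(host)
        is_ip, addrs = True, [host]
        problems.append("host is an IP literal, so ldap/<host> cannot match a name-based SPN")
    except ValueError:
        is_ip = False
        names.add(host.lower())
        try:
            addrs = forward(host)
        except OSError as exc:
            return [], [f"forward lookup failed: {exc}"]
    for addr in addrs:
        try:
            ptr = reverse(addr).rstrip(".").lower()
        except OSError:
            problems.append(f"no PTR record for {addr}")
            continue
        if not is_ip and ptr != host.lower():
            problems.append(f"{addr} reverses to {ptr}, not {host}")
        names.add(ptr)  # name a canonicalizing client would use instead
    return sorted(f"ldap/{n}" for n in names), problems
```

Pass `forward=live_forward, reverse=live_reverse` to run the same check against a real resolver; any listed service name that is not registered for the server is a candidate cause of the mismatch.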