Managing Active Directory from Linux with adtool
Update Early and Often
Remember, a software update for any project can cause mysterious problems to go away – or to appear. So, if you're experiencing issues with adtool and are confident that your queries and commands are using the proper syntax, and if you are convinced that your LDAP and Active Directory servers are properly configured, you might simply need to use a different version of adtool. As of this writing, the most current version is 1.3.3. Use that version unless you find that using an older version somehow resolves any connection problems you might be having.
So, you now have a good understanding of how to use adtool to administer a Microsoft domain controller. Using adtool across an encrypted connection gives you the ability to use your Linux system as efficiently as a Windows system. adtool is a powerful tool, and you now know many of the commands that will allow you to work and play well with Microsoft systems.
Adtool and Password Complexity
I've noticed over the years that quite a few adtool newbies have problems troubleshooting a new adtool implementation because of password requirements. Systems administrators sometimes use a simple password for a "dummy" user when testing a new application such as adtool.
Make sure you use a sufficiently complex password that Microsoft domain controllers like. Usually, systems expect your password to fulfill three of the following five categories: Uppercase letters, lowercase letters, base 10 digits, non-alphanumeric characters, and unicode characters. For more information about password complexity on Microsoft networks, consult Microsoft's TechNet site .
Reverse DNS and adtool
Authentication issues can get particularly sticky when you are using SSL-enabled connections. Error messages such as the following will often appear in your logs:
Invalid credentials (49) additional info: 720408159: \ LdapErr: DSID-0C090334, \ comment: AcceptSecurityContext error, data 525, vece
In some cases, I've noticed that Microsoft domain controllers sometimes expect valid reverse DNS at login time. So, if you haven't properly set up reverse DNS, you'll run into problems. If you encounter errors that mention an authentication failure and then bind, consider creating or updating reverse DNS in bind. That will most likely solve any problems you have, as long as you are not experiencing a larger authentication issue.
- adtool: http://gp2x.org/adtool/
- Debian "squeeze" admin packages: http://packages.debian.org/squeeze/admin/
- adtool Removed from Testing: http://packages.qa.debian.org/a/adtool/news/20120313T163912Z.html
- Splunk: http://www.splunk.com
- Open LDAP: http://www.openldap.org
- TinyCA: http://www.sm-zone.net
- TechNet on Passwords: http://technet.microsoft.com/en-us/library/cc875814.aspx
Buy this article as PDF
The bug was introduced back in 2009 and has been lurking around all this time.
The new release deprecates the sshd_config UsePrivilegeSeparation option.
Lives on as a community project
Five new systems join Dell XPS 13 Developer Edition that come with Ubuntu pre-installed.
The Skype Linux client now has almost the same capabilities that it enjoys on other platforms.
At CeBIT 2017, OpenStack Day will offer a wide range of lectures and discussions.
A major setback for the Linux desktop.
Improved support for GPU in virtualization.
News site for the openSUSE community falls victim to a Wordpress exploit.
The source code is available online.