Managing Active Directory from Linux with adtool

Update Early and Often

Remember, a software update for any project can cause mysterious problems to go away – or to appear. So, if you're experiencing issues with adtool and are confident that your queries and commands are using the proper syntax, and if you are convinced that your LDAP and Active Directory servers are properly configured, you might simply need to use a different version of adtool. As of this writing, the most current version is 1.3.3. Use that version unless you find that using an older version somehow resolves any connection problems you might be having.

Conclusion

So, you now have a good understanding of how to use adtool to administer a Microsoft domain controller. Using adtool across an encrypted connection gives you the ability to use your Linux system as efficiently as a Windows system. adtool is a powerful tool, and you now know many of the commands that will allow you to work and play well with Microsoft systems.

Adtool and Password Complexity

I've noticed over the years that quite a few adtool newbies have problems troubleshooting a new adtool implementation because of password requirements. Systems administrators sometimes use a simple password for a "dummy" user when testing a new application such as adtool.

Make sure you use a sufficiently complex password that Microsoft domain controllers like. Usually, systems expect your password to fulfill three of the following five categories: Uppercase letters, lowercase letters, base 10 digits, non-alphanumeric characters, and unicode characters. For more information about password complexity on Microsoft networks, consult Microsoft's TechNet site [7].

Reverse DNS and adtool

Authentication issues can get particularly sticky when you are using SSL-enabled connections. Error messages such as the following will often appear in your logs:

Invalid credentials (49)
additional info: 720408159: \
     LdapErr: DSID-0C090334, \
     comment: AcceptSecurityContext error, data 525, vece

In some cases, I've noticed that Microsoft domain controllers sometimes expect valid reverse DNS at login time. So, if you haven't properly set up reverse DNS, you'll run into problems. If you encounter errors that mention an authentication failure and then bind, consider creating or updating reverse DNS in bind. That will most likely solve any problems you have, as long as you are not experiencing a larger authentication issue.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Table of Contents: 152

    We look at SharePoint integration and show you how to manage Active Directory from Linux. But first, a special story on a dangerous new class of intrusion tools.

  • OpenLDAP 2.4.8 with Bugfixes

    The new 2.4.8 version mainly offers bugfixes for the free OpenLDAP directory service, while adding a Slap daemon encryption feature.

  • Stopping Drive-By Attacks

    You won't find a perfect solution to the growing problem of drive-by attacks, but many tools are available to help you keep malicious code off your network.

  • Samba 4

    A technical preview version of Samba 4 became available at the end of January. We took a look at what’s coming in the next version of the Samba file and print service suite.

  • Radius and 802.1X

    The Radius protocol is typically used to authenticate users in dial-up scenarios. But Radius is also useful in LAN environments: in combination with 802.1X, Radius forces users to authenticate at a low level before the switch opens up a port.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia