SUMMARY: Configuring SSO against Active

From: <rob.leadbeater_at_lynx.co.uk>
Date: Fri, 06 Jun 2003 17:46:29 +0100

Hi managers,

Thanks to Paul Moore at HP, I've managed to get things working.
The latest documentation can be found at:

http://tru64unix.compaq.com/docs/sso/

The problem I was getting was a combination of Kerberos and the username
length.
Once I'd managed to get a simple test user authenticated, I then through
trial and error worked out that the maximum username length is 11
characters.

Tweaking the generic: section of sysconfigtab such that:
 login_name_max = 64

enabled my users with long names to authenticate OK.

Now I'm just trying to work out whether password expiry etc. works
properly...


Cheers,

Rob

 -----Original Message-----
From: rob.leadbeater_at_lynx.co.uk [SMTP:rob.leadbeater_at_lynx.co.uk]
Sent: Thursday, June 05, 2003 9:01 AM
To: tru64-unix-managers_at_ornl.gov
Subject: Configuring SSO against Active Directory


Hi managers,

Could anyone point me at an updated Best Practice or details on how to
get Tru64 5.1B users authenticating from the user database on
ActiveDirectory.

I've followed the Tru64 Security Administration manual, so have installed

the relevant extensions to the ActiveDirectory schema, and MMC
extensions, however I can't get a telnet session to authenticate using a
Windows username and password.

I think I'm probably hitting a username length issue somewhere, but I'm
not too sure. Our windows usernames are generally longer than 8
characters...

On the one attempt I got something other than login incorrect I saw the
following in the sialog file:

SIA:EVENT Wed Jun 4 16:54:55 2003
Successful session authentication for firstname_lastname on /dev/pts/2
SIA:EVENT Wed Jun 4 16:54:55 2003
Successful establishment of session
SIA:EVENT Wed Jun 4 16:54:55 2003
Successful launching of session
SIA:ERROR Wed Jun 4 16:54:55 2003
Failure in local launch mechanism.
SIA:ERROR Wed Jun 4 16:54:56 2003
Failure to launch session


Any pointers would be gratefully received.


Cheers,

Rob Leadbeater




This message is intended only for the use of the person(s) ("The intended
Recipient(s)") to whom it is addressed. It may contain information which
is privileged and confidential within the meaning of applicable law. If
you are not the intended recipient, please contact the sender as soon as
possible. The views expressed in this communication are not necessarily
those held by LYNX Express Limited.
Received on Fri Jun 06 2003 - 16:43:19 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:44 NZDT