I eventually figured out what was happening after sniffing the wire.
Turns out the Linux box was just querying DNS for a SRV record and the DNS
server returned any DC (round robin effect).  I did decide against
mucking with the primary AD domain servers and created a separate
non-AD integrated DNS server and supplied it with all of the necessary
information.  That seemed to work without issue thus far.
 

Kind Regards,

Jennifer Fountain
Security System Analyst
3400 E Walnut Street
Colmar, PA  18915
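
An added illustration, not part of the original message or the poster's setup: a sketch of RFC 2782 SRV ordering, showing why a client that asks DNS for a domain-wide LDAP SRV record can land on a remote-site DC and why an answer limited to local DCs cannot. The record values, hostnames and the contents of the local-only answer are constructed assumptions.

```python
import random
from collections import Counter

# Constructed SRV answers (priority, weight, port, target); all names are hypothetical.
ALL_DCS = [
    (0, 100, 389, "dc1.siteA.example.test"),
    (0, 100, 389, "dc2.siteA.example.test"),
    (0, 100, 389, "dc9.remote.example.test"),
]
# Assumed content of a zone that lists only the DCs at the client's own site.
LOCAL_ONLY = [r for r in ALL_DCS if ".siteA." in r[3]]


def order_srv(records, rng):
    """Return targets in RFC 2782 order: ascending priority, weighted-random within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == prio]
        rng.shuffle(pool)
        pool.sort(key=lambda r: r[1] != 0)  # zero-weight records go first (stable sort)
        while pool:
            threshold = rng.randint(0, sum(r[1] for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= threshold:
                    ordered.append(pool.pop(i)[3])
                    break
    return ordered


def first_choice_counts(records, trials=3000, seed=1):
    """Count which target a client would try first over many independent lookups."""
    rng = random.Random(seed)
    return Counter(order_srv(records, rng)[0] for _ in range(trials))


def remote_share(records, trials=3000, seed=1):
    """Fraction of lookups whose first-choice target is the remote-site DC."""
    counts = first_choice_counts(records, trials, seed)
    remote = sum(n for host, n in counts.items() if ".remote." in host)
    return remote / trials


if __name__ == "__main__":
    print("all DCs in answer  :", first_choice_counts(ALL_DCS))
    print("remote first-choice:", round(remote_share(ALL_DCS), 3))
    print("local-only answer  :", first_choice_counts(LOCAL_ONLY))
```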


 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Sunday, April 23, 2006 3:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Weird Ldap issue with redhat 2.1 and AD


You need to figure out how the service is determining where to go
search. If it is just asking for any DC of a domain, you are going to
get a list of DCs back and the client app is going to figure out which
one it wants to go to. I don't think you want to be mucking in DNS to
fix this. 
 
 
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 
 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jennifer
Fountain
Sent: Thursday, April 20, 2006 9:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Weird Ldap issue with redhat 2.1 and AD


I think I know the problem.  The LDAP service needs to log into AD so it
can search the basedir.  I do not allow Anonymous searches.  For some
reason, it's logging in on that remote server and not a local server.
How can I fix that via DNS?
 



Kind Regards,

Jennifer Fountain
Security System Analyst
3400 E Walnut Street
Colmar, PA  18915


 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jennifer
Fountain
Sent: Thursday, April 20, 2006 8:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Weird Ldap issue with redhat 2.1 and AD


AD4Unix
 
This is really weird.  I am pointing to a windows 2000 server using
ldaps but searching a response from a windows 2003 using ldap. 
 



Kind Regards,

Jennifer Fountain
Security System Analyst
3400 E Walnut Street
Colmar, PA  18915


 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Thursday, April 20, 2006 8:48 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Weird Ldap issue with redhat 2.1 and AD


SFU? Which version?


On 4/20/06, Jennifer Fountain <[EMAIL PROTECTED]> wrote: 

        I currently have my redhat 2.1 linux box configured to authenticate
        against my windows 2000/2003 AD box.  For some reason, even though I
        have the following configuration, the box is trying to access a remote
        server at a remote site.   The remote server isn't in the configuration
        but the server still tries to access it.  Problem still occurs when ssl
        is turned off.  I cannot figure out the issue.  Has anyone experienced
        similar issues?
        
        /etc/openldap/ldap.conf
        
        HOST x.x.x.x
        uri ldaps://server
        BASE dc=xx,dc=xxx

        /etc/ldap.conf
        host x.x.x.x
        uri ldaps://server

        base dc=xx,dc=xx

        ldap_version 3

        binddn cn=xxx,ou=xxx,dc=xx,dc=xx
        bindpw xxx

        scope sub

        port 636

        pam_filter objectclass=user
        pam_login_attribute sAMAccountName
        ssl yes
        pam_password ad

        nss_base_passwd         ou=xx,dc=xx,dc=xx?sub
        nss_base_shadow         ou=xx,dc=xx,dc=xx?sub
        nss_base_group          ou=xx,dc=xx,dc=xx?sub

        nss_map_objectclass posixAccount User
        nss_map_attribute uid sAMAccountName
        nss_map_attribute uniqueMember Member
        nss_map_attribute userPassword msSFUPassword
        nss_map_attribute homeDirectory msSFUHomeDirectory
        nss_map_objectclass posixGroup Group
        nss_map_attribute cn sAMAccountName
        
        Kind Regards,
        
        Jennifer Fountain
        Security System Analyst
        3400 E Walnut Street
        Colmar, PA  18915
        
        
        
        
        CONFIDENTIALITY NOTE
        The information transmitted is intended only for the person or
        entity to which it is addressed and may contain confidential
        and/or privileged material.  Any review, retransmission,
        dissemination or other use of, or taking of any action in reliance
        upon, this information by persons or entities other than the
        intended recipient is prohibited. If you received this in error,
        please contact the sender and delete the material from any computer.
        
        
        
        
        List info   : http://www.activedir.org/List.aspx
        List FAQ    : http://www.activedir.org/ListFAQ.aspx
        List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
        


