Open-AudIT

What's on your network?

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
PostPosted: Thu Nov 26, 2009 12:56 am 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Well, it finally happened: my ancient OpenAudit host Windows PC died, and I decided to use the opportunity to replace it with a Linux box.

It looked quite easy, especially since I decided to use Ubuntu, probably the easiest OS in the world to install.

Everything went as expected, I installed 9.10 and Apache, MySQL, PHP and the PHP Ldap extensions. I also set up SAMBA, and shared out the web folder to my Windows network.

I restored the old htdocs - openaudit folder, set up Tortoise SVN to ensure there were no updates required, and restored the MySQL database.

All looked just fine, until I went to log in... I see the login OK, but obviously the LDAP settings are different under Linux, 'cos I can't log in. :shock:

If I switch off ldap login ($use_ldap_login = 'n'; in include_config) then openaudit is working fine, however all of the ldap stuff is broken.

All of the old ldap connections have restored, and all of the ldap config options are as they were previously. Therefore, before I don my Sherlock Holmes hat and spend the afternoon sleuthing, I thought I'd ask if anybody else had seen the issue, or indeed had ldap working from Linux to Active Directory. If so, what's the secret?

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


PostPosted: Thu Nov 26, 2009 1:48 am 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
:oops: ... well, it's always the simple things, isn't it.

Seems that I can't nslookup local resources on my Windows 2003 DNS servers from my Linux box. It will allow me to look up google etc, but says SERVER FAIL for any local names... Windoze security probably, as the Linux box is not part of the domain.

I have worked around this by changing the machine names to IP addresses in the config, and it all seems to be working now.

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


PostPosted: Thu Nov 26, 2009 7:39 am 
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
If you go from Windows to Linux or vice-versa, you will need to enter in the username/passwords in the LDAP connections again because the AES keys used to encrypt it will be different between the two.

Also, if you're having name resolution issues, check your /etc/resolv.conf file. It should have the domain to search and the IP addresses of your DNS servers. If it doesn't look right, make sure it looks something like so ...

Code:
domain mydomain.com
search mydomain.com
nameserver 192.168.1.2
nameserver 192.168.1.3

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2


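A check for the /etc/resolv.conf advice in the post above, as an added example that is not part of the thread: it lints a resolver file for settings that affect local (Active Directory) name lookups. The function name `lint_resolv` and the temp-file handling are assumptions of this example; the sample file is the one shown in the post.

```shell
#!/bin/sh
# Added example, not from the thread. lint_resolv FILE AD_DOMAIN prints one
# finding per line, or "OK". AD_DOMAIN is the caller's assumption.
lint_resolv() {
    file=$1; ad_domain=$2
    ns=0; kinds=0; findings=0; suffixes=""; last=""
    while read -r kw rest || [ -n "$kw" ]; do
        case $kw in
            nameserver)
                ns=$((ns + 1))
                # glibc uses only the first three nameserver lines.
                if [ "$ns" -gt 3 ]; then
                    echo "WARN: nameserver $rest ignored (resolver uses the first 3)"
                    findings=$((findings + 1))
                fi ;;
            domain|search)
                # Mutually exclusive keywords: the last line overrides the rest.
                kinds=$((kinds + 1)); suffixes=$rest; last=$kw ;;
        esac
    done < "$file"
    if [ "$ns" -eq 0 ]; then
        echo "WARN: no nameserver lines; resolver falls back to localhost"
        findings=$((findings + 1))
    fi
    if [ "$kinds" -gt 1 ]; then
        echo "WARN: multiple domain/search lines; only the last ('$last $suffixes') is used"
        findings=$((findings + 1))
    fi
    # Short names such as a DC hostname are completed from the search list.
    case " $(printf '%s' "$suffixes" | tr 'A-Z\t' 'a-z ') " in
        *" $ad_domain "*) ;;
        *) echo "WARN: $ad_domain not in search list; short host names will not be completed with it"
           findings=$((findings + 1)) ;;
    esac
    [ "$findings" -gt 0 ] || echo "OK"
    return 0
}

# The file from the post above, written to a temp file so this runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
domain mydomain.com
search mydomain.com
nameserver 192.168.1.2
nameserver 192.168.1.3
EOF
lint_resolv "$sample" mydomain.com
rm -f "$sample"
```

On the posted file this reports only that the `domain` line is overridden by the `search` line that follows it; name resolution itself is unaffected.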
PostPosted: Tue Dec 01, 2009 6:31 am 
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
Chad wrote:
If you go from Windows to Linux or vice-versa, you will need to enter in the username/passwords in the LDAP connections again because the AES keys used to encrypt it will be different between the two.


Not just between Windows and Linux - moving between any two systems will require the usernames/passwords updating.

_________________
Cheers, Nick.

OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory


PostPosted: Sat Apr 10, 2010 4:24 am 
Newbie

Joined: Mon Apr 05, 2010 5:02 pm
Posts: 1
NickBrown wrote:
Chad wrote:
If you go from Windows to Linux or vice-versa, you will need to enter in the username/passwords in the LDAP connections again because the AES keys used to encrypt it will be different between the two.


Not just between Windows and Linux - moving between any two systems will require the usernames/passwords updating.



Yeah, you're right, not just between Windows and Linux - moving between any two systems will require the user names/passwords updating.


PostPosted: Wed Sep 29, 2010 6:08 am 
Newbie

Joined: Wed Sep 29, 2010 6:05 am
Posts: 1
That statement is untrue. When migrating users from Linux to Linux, all you need to do is copy the passwd, shadow, groups and gpshadow over to the new box. I originally thought it would not work as well, but there are many migration guides on the net and I have followed them successfully.

