Wednesday, December 14, 2011

Dealing with an expired Windows CA CRL

Right-clicked the CA server name --> Properties --> Extensions
Select extension: CRL Distribution Point (CDP)
Added: C:\Windows\System32\certsrv\CertEnroll\.crl
Checked the following:
Publish CRLs to this location
Publish Delta CRLs to this location
Rebooted just because... everything is good now!

using mod_auth_kerb and Windows 2000/2003/2008R2 as KDC

Tuesday, December 6, 2011

Linux join AD Domain

Install Kerberos: apt-get install krb5-user libkrb53
Configure Kerberos (NOTE: the Windows domain name goes in CAPS)

Test with the following commands:
kinit Administrator
klist

Install Samba and Winbind:

apt-get install samba winbind

winbind is a component of samba which allows UNIX systems to be full members of an Active Directory domain. Winbind shares the configuration file of samba, which is /etc/samba/smb.conf.

After installing, we'll modify the /etc/samba/smb.conf file 

Join the domain using the command:

net ads join -U Administrator

Restart winbind and samba and you should be able to use winbind to list the users and groups using:

wbinfo -u
wbinfo -g
At this point you are still not able to do anything other than list users. If you want to log into the system with these accounts, you'll need to modify /etc/nsswitch.conf so that lookups go beyond the local databases. To do this, modify the file as shown:
passwd: files winbind
group: files winbind
shadow: files winbind

Next, we'll have to modify the AAA settings of the system to use winbind as well. The files to modify are:

/etc/pam.d/common-account
/etc/pam.d/common-auth
/etc/pam.d/common-session

For account, we'll add the line above the current rule:

account sufficient pam_winbind.so


Do the same for auth and session, changing the "account" keyword to "auth" and "session" accordingly. At this point you should be able to log into the system using the domain\username convention. For example, to log into the Administrator account, simply use syraxius\Administrator as the username.

Additional links: http://www.finnie.org/text/debian-domain-auth.html
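One way to verify the result of the steps above, as an added example that is not part of the original post: a POSIX sh audit that checks nsswitch.conf and the PAM common-* files for winbind entries and, on a joined host, asks winbind whether the machine trust secret is valid. The sample files it writes are constructed for illustration; the /etc paths are the Debian ones assumed above.

```shell
#!/bin/sh
# Added example: audit the winbind integration configured above. Checks nsswitch.conf,
# the PAM common-* files, and (on a live, joined host) the machine trust with the DC.

# check_nss FILE : returns 0 only if passwd, group and shadow all list winbind
check_nss() {
    rc=0
    for db in passwd group shadow; do
        if ! grep -Eq "^[[:space:]]*$db:.*[[:space:]]winbind([[:space:]]|\$)" "$1"; then
            echo "nsswitch: '$db' does not consult winbind" >&2
            rc=1
        fi
    done
    return $rc
}

# check_pam DIR : returns 0 only if common-account/auth/session each load pam_winbind.so
check_pam() {
    rc=0
    for t in account auth session; do
        # the control field may be a word (sufficient) or a bracketed [success=1 ...] form
        if ! grep -Eq "^[[:space:]]*$t[[:space:]].*pam_winbind\.so" "$1/common-$t"; then
            echo "pam: common-$t has no $t rule for pam_winbind.so" >&2
            rc=1
        fi
    done
    return $rc
}

# check_trust : returns 0 if winbind reports a valid trust secret (needs a joined host)
check_trust() {
    command -v wbinfo >/dev/null 2>&1 || { echo "wbinfo not installed" >&2; return 1; }
    wbinfo -t >/dev/null 2>&1
}

# make_sample DIR good|bad : writes constructed nsswitch.conf and pam.d/common-* files
make_sample() {
    mkdir -p "$1/pam.d"
    if [ "$2" = good ]; then
        printf 'passwd: files winbind\ngroup: files winbind\nshadow: files winbind\n' > "$1/nsswitch.conf"
        rule='sufficient pam_winbind.so'
    else   # group consults winbind but passwd/shadow do not; PAM never loads the module
        printf 'passwd: files\ngroup: files winbind\nshadow: files\n' > "$1/nsswitch.conf"
        rule=''
    fi
    for t in account auth session; do
        { [ -n "$rule" ] && echo "$t $rule"; echo "$t required pam_unix.so"; } > "$1/pam.d/common-$t"
    done
}
```

On a real host, run `check_nss /etc/nsswitch.conf && check_pam /etc/pam.d && check_trust`; a non-zero exit names the file that still blocks domain logins.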

Monday, December 5, 2011

Windows 2008 R2 DC NTP sync with Debian 6

When a Debian 6 system is configured to use a Windows 2008R2 DC as its NTP server with the following line in ntp.conf:
server w2008r2-DC
ntpq -p will display it as a peer, reachable and with a correct offset, but the * will never appear, meaning it is not synchronising with it.
If you stop the ntp daemon and run ntpdate -d w2008r2-dc, this is what you get:
It is obvious that Debian does not like the NTP packets coming from the Windows box and is dropping them.
So I tried using the Windows box to sync from the Debian box instead:
Windows box, 2 registry entries:
1st->


192.168.1.130 is the IP address of the Debian box
2nd->
and then on the Debian box, ntp.conf:





service ntp restart

and in the Windows box event viewer: