I have an LDAP server Novell eDirectory in my Environment through which has the user data. In my Environment i have set of Windows and Linux servers. I need to use this LDAP As the Authentication Source for for both the servers.
For Linux i need to achieve this by setting the linux as LDAP Client & extended edirectory schema for linux users and users are able to login into the machine and even able to create the home directories for the user. But the problem comes with the windows machines.
For windows machines i have used novell gina which authenticates the user using LDAP but it also requires a local or domain user credentials to login into the local system.Then for every user i have to create a local user on every system which is off target of purpose.
Then i have used pgina (Another Open Source Gina) through which i can authenticate the user using LDAP and it creates a profile for the user. Fine but it is also creating a local user with the LDAP username.If any admin changes password on the local machine for this user then the password of both the LDAP and local user will not be in sync.
How can i get the login behavoiur of active directory where it will authenticate against active directory (Think AD as LDAP) and creates a profile for you in the local system but never creates a local user.Anybody can throw some light on this to solve the issue?
Thanks and Regards,
Sunny.
I guess you are using Open Enterprise server. If you are on OES linux, probably you can use Domain Services for Windows This can help achieve what you want. You will not even need a gina login. Its a Domain emulator. So, there wont be any ldap login. It would be a kerberos login. Your eDirectory (and other related services) work exactly like AD domain. But nothing stops you to use the plain ldap login against eDirectory. You can continue to use the linux login as its now. If you are using gdm (gnome display manager) on linux it can do a domain login like the windows.
Related
I have a Rocketchat server on docker and have Openldap server on ubuntu 16.04. I want when any user registered in my Rocketchat server by default to be added to his ldap server automatically.
is this possible?
You probably would get it easier the other way, register the user in LDAP and then sync LDAP with RocketChat.
This way you can use LDAP Sync to get your RocketChat users synced.
I want to configure LDAP server on Linux (centos is most preferable) and I want to authenticate from my windows client to that LDAP server (on Linux) and also I want that home folder of the windows user must be stored on LDAP server (on Linux).
So how can I achieve this setup? is it possible?
You will need more than an LDAP server, as Windows clients are relying on more services than just LDAP.
Look at Samba Servers on Linux.
I'm looking at using SQL LocalDB as the client side database which will replace the current SQL CE 3.5 database inside an in-house application developed in .net 4.
I've come across a problem that I'm not sure how to get around and that's with security setup of the LocalDB instance.
If I setup a script inside .net to create a private LocalDB instance, e.g. (localdb)\T1, then create a new database inside that instance plus add a SQL user account + password (non domain account), how do I stop the local windows users (like my own AD account) with admin level privileges from accessing the 'T1' instance + database using SSMS?
I could see a scenario playing out where we deploy the application, then we have some IT savvy user who goes snooping around and decides to install SSMS and connect to (localdb)\T1 with their windows account, which would give him/her full access to the database, which is exactly what I'm trying to stop from happening.
Some of our staff work remotely with no connection to a domain so we give them local admin rights to their pc so they can install software, so even if I could block their assigned windows login name, there would be nothing stopping them from setting up a new local admin account and logging in with that, opening SSMS then accessing the database.
Any pointers on this would be greatly appreciated!
In fact, it shouldn't be so hard. Install SQL Server on client machine using local admin account. To make you life easier, use Mixed Authentication.
After you have your instance installed, local admin account should have sysadmin server role assigned (that's normal security settings). Now, use the following:
Create new SQL Server user and assign sysadmin server role to that account. Close SSMS and log-in using new credentials. Or simply use sa account (not so good practice but in this case it's OK).
Go to "Security - Logins" and remove sysadmin role from local admin. Also, check in user mappings and take all rights "away" from local admin.
As a test, try to log-in as local admin, I guess you won't be able to log-in into server because there is no "home" database for that user. But even if you can log-in, it has only "public" role.
It's up to you to install your database and secure it - assign permission to user of your choice.
Regarding you fear that local admin can install MSSQL again: he/she can install it, but it would be another instance. That instance knows nothing about users in your instance so you should be safe.
You can also consider usage of application roles in SQL server.
I am trying to connect to SQL Server 2012 on a separate domain to Visual Studio/ my computer. (It’s my personal machine on a workgroup).
I have access to the server and can log in fine with SQL authentication but want to log on via Windows Authentication. When I try I get the following error:
The login is from an untrusted domain and cannot be used with Windows Authentication.
This is on the data connection of Visual Studio- nothing to do with any code.
How do I make the domain trusted (without login via AD on my machine) or get around this issue?
I tried using Control Panel credential manager but with no luck.
Thank You
That is a setting on the domain controller, not on your computer. The domain the SQL Server is in needs to trust the domain you are login in from. As you have a workgroup computer, that domain would be just your computer.
Talk to your domain admin to see if they can make that happen.
I managed to solve it by running the following command from the same folder as the software:
runas /netonly /user:<Username and Domain> <name of exe>
I brought my laptop home from work hoping I could get some tasks done over the weekend. Unfortunately, I couldn't login to SQL Server using Windows Authentication. I've checked the SQL Server Configuration Manager and the instance (MSSQLSERVER) is set to Log On As Local System, which supposedly means that I should be able to login fine using Windows Authentication... or am I missing something here? Note that in the login window, I tried a lot of different combinations and it always keeps telling me that connection failed because the server is not accessible or I'm not authorized to access it.
A little background about how the instance was installed: I installed and configured it myself. I chose the Mixed Authentication mode and gave a password to the default sa user (which isn't working either by the way). The thing I suspect could be the problem is the fact that I installed the SQL SERVER instance when I was logged in as my Domain User at work (DOMAIN\UserName). Now I'm at home and I do not have access to the LAN at the office, so I'm logged in as the {COMPUTERNAME}\Kassem user.
Any thoughts?
A windows account has to be added to SQL Server to have any rights. If you didn't add {COMPUTERNAME}\Kassem, you can't login to SQL Server.
The recovery option here is the SA password, which should always work.
To connect to the default instance, connect to localhost or .. Connecting to .\MSSQLSERVER won't work, even though MSSQLSERVER is the default instance name.