Solaris logins work!

What a frustrating afternoon. I spent today working on the Solaris LDAP/Kerberos configuration for authenticating against AD. The short story is that I can now successfully log in to my Solaris 10 zone using my Windows credentials. Just like on the Linux box. The long story (with details) will be posted later because Alex and I […]

Whoops. Account lockouts baaaaaaad!

So I found one downside to using this AD/LDAP configuration. Ok, not really a downside, just a really big caveat. The account used for binding to the LDAP server can get locked out if it authenticates too many times with the wrong password. Discovered this yesterday when I inadvertently changed the password in my configuration […]

Woot! Unix group enumeration from AD groups.

Well, that was easy enough. Just needed to understand a bit more of the AD OU structure here. (Sanitized a bit for now).

    -bash-3.2$ touch foo bar baz quux
    -bash-3.2$ ls -l
    total 0
    -rw-r--r-- 1 hcoyote UNIXTEST-test 0 Jun 3 16:59 bar
    -rw-r--r-- 1 hcoyote UNIXTEST-test 0 Jun 3 16:59 baz
    -rw-r--r-- 1 hcoyote […]

Ha ha! SSL success for AD/LDAP.

Ha ha! Further success on the Linux -> Active Directory integration front. I got SSL working for the underlying LDAP bind user. What’s this mean? Protection of the directory information over the wire as it travels from the domain controller to the client host where it will be used. So what’s the necessary setup bits? […]

Authenticating to Austin AD from Linux

Woot! With the help of barthag, I got one of our Linux boxes configured to provide passwd file map backend via AD/LDAP and authentication via AD/Kerberos. Most of the problems stem from permissions issues on the AD side and making sure things are open “enough” to let us through to query for information. On the […]

Encrypting MySQL connections

One of the things I’ve been tasked with implementing is support for serving Category 1 data from our MySQL servers.  Historically, this has been shied away from because of the complexity associated with managing the SSL certificates for all of the potential clients.  This came up again after I took over.  There are customers inside […]

Useful LDAP/Kerberos integration resources

I was recently in a meeting discussing the integration of Unix account management (passwd and group) with Active Directory via LDAP and Kerberos.  Having done some of this at a previous job, I’d already done some research into getting it working.  I found some useful resources back then on getting this all working right.  I […]

Confusing service types

One of the problems we face in ITS is promoting, yet differentiating, the types of MySQL services we provide.  I hear you thinking, “But you’re ITS!  You only provide one type … it’s just mysql!”  Yes and no.  I’m in this weird spot where I’m tasked with being the lead MySQL person for ITS Systems […]

The Trouble with MySQL Tribbles

Well, I’ve been back at UT for almost two months now and finding it to be a pretty enjoyable experience.  For those who don’t know me, my name is Travis Campbell.  I work in ITS Systems Unix managing the hosted MySQL database services for the University.  As I get deeper into UT’s MySQL infrastructure, I’ll […]