David Orlo - 2012-08-14

So after weeks of trying to get the LDAP client to work, I finally got Webmin to bring in my users and groups, but I can't log in with any of them. One thing I noticed is that when I click on any of the users, the Password field is set to "No Password", which leads me to believe the passwords from AD are not being carried over.

I will describe my setup and what I have done so far.
Windows 2008 R2 Domain Controller
I created a new service account with Domain Admin privileges for LDAP authentication
Unix Integration package installed on my AD Domain Controller
Created a NIS domain with the same name as my AD Domain less the .net part
Each Group I want imported is configured on the UNIX Attributes tab in Active Directory with a unique GID
Each User same as above and I added them to the proper groups to match AD and they have a unique UID
Each user has the "posixAccount" Object Class added and each Group has the "posixGroup" Object Class added

RedHat 5 Server
LDAP Client Page / Server Configuration
IP Address of Domain Controller and Protocol set to Standard
Login for NON-Root is set to MYDOMAIN\Service.Account (for some reason, when it is set to CN=Service.Account , DC=Domain, DC=net LDAP fails authentication)
Login for Root Same as above
Everything else Default

LDAP Search Base set to the OU where the users who I want to have access to the Linux servers reside, and it's set to Entire Subtree because some users are 3-4 OUs deep

Authentication Options are all Default
Does Password Storage Method matter? I have tried the default, UNIX Encryption, MD5 Encryption and Active Directory.

Services Using LDAP set to Users, Shadow Passwords and Groups

On the Webmin Users Page I have created a new group called Webmin Users and imported all of my LDAP users into it and gave them full permissions.

Under LDAP Users and Groups my Users and Groups show up, but under Password it's set to "No Password". I think this is likely the issue, since I can't log in with no password.

My end goal is to give my Active Directory users the ability to log into the Linux Servers with their Active Directory Credentials. This is so important because our passwords expire every 60 days and we would like to keep the same level of security on our Linux servers while preventing users from using the Root Account.