[TriLUG] ldap authentication from Active directory or NTDS

Jon Carnes jonc at nc.rr.com
Thu Jan 8 09:07:59 EST 2004


Nice trick! I'll have to try that out.

BTW: Embrace the new era and accept that HTML email is here to stay...

Jon

On Thu, 2004-01-08 at 06:23, Magnus wrote:
> On Wednesday, January 7, 2004, at 02:46  PM, spain at ncssm.edu wrote:
> 
> > I have a small network running active directory with a RH9 server 
> > running Samba, apache/mysql..
> 
> And a MUA that is sending uglified HTML email.  Please fix that.
> 
> > I would like samba to pull user accounts from Active Directory to 
> > authenticate users for access to fileshares..  Does anyone have easy 
> > instructions on using PAM to set this up?
> 
> I'm in the middle of doing something like this now at $WORK.  The gist 
> of it is that Active Directory does not have the right schema to handle 
> *NIX users, and must be extended.  For <$100 MSRP you can get MS 
> Services For UNIX (SFU).  This will, among other things, extend your 
> schema and give you MMC snap-ins to manage *NIX user attributes on the 
> same objects as Windows users.  That's step one.
> 
> Now how to pull that data out of Active Directory once it's in?  You 
> could use LDAP, true.  Or you could be lazy and use NIS.  The passwords 
> are in Kerberos so NIS isn't nearly as bad as it normally would be.
> 
> You can set up Linux to auth against Kerberos with no mods to your 
> Windoze box.  Just run authconfig on your RH box and on the second 
> screen tell it to auth against your AD server.  Caveat: The MS 
> implementation of Kerberos is incomplete and you won't have an Admin 
> Server.  You'll have to sort out some other method for users to change 
> their passwords.  If you're only running Linux on the file server, this 
> shouldn't be a concern.  I've got Linux desktops where it becomes more 
> of an issue.
> 
> Once you've got all the right fields filled out in authconfig, PAM will 
> take over.  Nothing special to do in Samba then as the AD users will be 
> able to mount Samba shares as easily as local users.
> 
> --
> 
> C. Magnus Hedemark
> http://trilug.org/~chrish
> "The only way to keep your health is to eat what you don't want, drink 
> what you don't like, and do what you'd rather not." - Mark Twain
> 
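Added example, not part of the original thread: a sketch of the two pieces of configuration that the authconfig step described in the quoted message ends up managing on the Linux side. The realm EXAMPLE.COM and the host dc1.example.com are placeholders, and the exact PAM lines authconfig writes vary by release, so the layout here is an assumption.

```conf
# Constructed example. EXAMPLE.COM and dc1.example.com are placeholders
# for the Active Directory domain and one of its domain controllers.

# --- /etc/krb5.conf ---
[libdefaults]
    # The AD Kerberos realm is the domain's DNS name in upper case.
    default_realm = EXAMPLE.COM
    # Use the kdc entry below instead of DNS SRV lookups.
    dns_lookup_kdc = false
    # Tickets are refused when client and KDC clocks differ by more
    # than this many seconds, so keep the clocks synchronised.
    clockskew = 300

[realms]
    EXAMPLE.COM = {
        # The domain controller acts as the KDC.
        # No admin_server entry is set, following the caveat in the
        # quoted message about password changes.
        kdc = dc1.example.com:88
    }

[domain_realm]
    # Map hosts in the DNS domain to the realm.
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

# --- /etc/pam.d/system-auth (auth lines only, assumed layout) ---
# Local accounts are tried first; anything else is checked against
# Kerberos with the password already typed. Kerberos only verifies
# the password: uid, gid, home directory and shell still have to
# come from NIS or LDAP, as the quoted message describes.
auth        sufficient    pam_unix.so likeauth nullok
auth        sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so
```

Running kinit for a domain user and then klist confirms the realm and KDC settings before PAM is involved.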



