[TriLUG] ldap authentication from Active directory or NTDS

Roy Vestal rvestal at trilug.org
Tue Jan 13 22:11:26 EST 2004


I have just done this.  I didn't worry about PAM. I had to use
krb5-libs-1.3.1.src.rpm from fc1 on my 9 boxes. There will be LOTS of
upgrades you will need to do.

I also compiled Samba 3.0.0 and 3.0.1 from scratch. One note: in 3.0.0,
username map is broken, and in 3.0.1, it's fixed but Kerberos tests
against mem map, not the flat files. I had to "hack" the configure
script (/me shivers) to fix it. If you think you are going to need to go
down that road, let me know and I'll send the configure hack to you
(it's on my desk at work, not avail. at the time of this writing).

On Thu, 2004-01-08 at 10:18, Joseph Tate wrote:
> Magnus wrote:
> > 
> >> I would like Samba to pull user accounts from Active Directory to 
> >> authenticate users for access to fileshares.  Does anyone have easy 
> >> instructions on using PAM to set this up?
> > 
> > 
> > I'm in the middle of doing something like this now at $WORK.  The gist 
> > of it is that Active Directory does not have the right schema to handle 
> > *NIX users, and must be extended.  For <$100 MSRP you can get MS 
> > Services For UNIX (SFU).  This will, among other things, extend your 
> > schema and give you MMC snap-ins to manage *NIX user attributes on the 
> > same objects as Windows users.  That's step one.
> > 
> 
> Supposedly Windows 2003 server's AD supports the INetOrgPerson schema.



