AD Authentication?
Kenny Lussier
klussier at gmail.com
Tue Mar 4 15:02:03 EST 2008
On Tue, Mar 4, 2008 at 9:30 AM, Matt Brodeur <mbrodeur at nexttime.com> wrote:
>
> On Tue, Mar 04, 2008 at 08:38:25AM -0500, Kenny Lussier wrote:
> >
>
> If you absolutely can't touch the AD servers you'll have to look at
> Samba's Winbind. IIRC, you'll want a separate LDAP server to store
> the SID-UID mappings, instead of letting each client make up their
> own.

What if I can touch the AD servers? Or, at least, I sit next to the
guy that can touch the AD servers? Are there other options?

> I don't know if the default AD schema has enough information to
> authenticate Linux clients directly. I think, at a minimum, you'll
> need Services For Unix installed. That'll add attributes which are
> almost, but not entirely, unlike the normal posixAccount ones. From
> there you could use OpenLDAP meta mapping to translate MS LDAP to
> something more sane.
>
> Disclaimer: I've probably done this exactly once, in a lab exercise
> during a class. FWIW, it's still what RH teaches as of 2006.
>
> --
> Matt Brodeur RHCA
> MBrodeur at NextTime.com http://www.nexttime.com
> PGP ID: 2CFE18A3 / 9EBA 7F1E 42D1 7A43 5884 560C 73CF D615 2CFE 18A3
> Apathy Club meeting this Friday. If you want to come, you're not invited.
>