[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Authenticate to Windows 2000



On Mon, 9 Dec 2002, Jim Hays wrote:

>I know.  One of the main reasons for K12LTSP is to get rid of M$ in
>schools, but I simply can't do that right now.  So here is my dilemma.
>
>I want to install K12LTSP lab in our district but we are using Microsoft
>Active Directory for user authentication.  I need to be able to have
>users at the workstations in the lab log it using their usernames and
>passwords on our main Windows 2000 Server running Active Directory.  I
>have done some reading and it should be possible.  My early tests have
>been unsuccessful.  Is there anyone out there who can steer me to a
>How-To that will show me - step by step - how to make this happen.
>
>The goal is for a student to log in to the K12LTSP workstation with
>his/her username and password (from the Windows network).  The student
>will be "authenticated" and connected to his/her home directory (on a
>Windows 2000 server - at least for now).
>
>Is anyone doing this?
>
>Also, is anyone doing something similar with Novell.  There is a school
>near here that needs to do the same thing with their Novell server. 

Both active directory & NDS can speak LDAP. I have not tried this with
either, but hopefully I can point you in the right direction...

run "authconfig" on the Linux box. On the first screen, check "Use LDAP"
and set the "Server:" to your AD/NDS server and the "Base DN:" will
likely be the domain name in LDAP format (i.e. example.domain.com will
be dc=example,dc=domain,dc=com). If you can't guess, you'll have to 
figure out how to get this info of the AD/NDS server.

On the second screen, check "Use LDAP Authentication" again. It should
fill in the Server & Base DN settings for you. 

Finally, you will probably have to tweak the /etc/ldap.conf file by hand.

Uncomment & edit these lines: (again, the details will very on your server
setup)

	nss_base_passwd        ou=People,dc=example,dc=com?one
	nss_base_shadow        ou=People,dc=example,dc=com?one
	nss_base_group         ou=Group,dc=example,dc=com?one

and there appears to be two special configurations for changing passwords
on active directory or NDS:

#pam_password nds
#  -- or --
#pam_password ad

Hope that helps...

-Eric





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]