[K12OSN] nis,ldap,ad

Henry Burroughs hburroughs at HHPREP.ORG
Mon Jun 7 16:26:37 UTC 2004


Mark,

I have been using winbind to access AD, however I am in the process of
migrating to accessing AD via Kerberos and AD (as an LDAP server).  I
have successfully gotten my own system to authenticate and log in using
the Kerberos/LDAP method.  I discovered the MKSADPLUGINS.msi program
which installs a UNIX schema in AD... hence giving you unix UIDs, GIDs,
etc.  Finally found a .pdf file from Brazil that details the steps out
fairly well...  maybe I should just condense it into a wiki.

It will require you to give each user a unix UID... which I would not
want to do by hand at all... I am going to be working on a Perl script
this week to automate giving everyone existing a UID... and then PHP
scripts for a secure page that I can easily add new users to AD and have
the appropriate info already filled out.

Also, beware that your new UIDs for users will be different probably
from winbind, unless you write a script to copy the winbind uid to the
uid in AD.  I mainly have to worry about home directories.... so I'll
just get new uids for everyone, and loop through the home directory
doing something like:

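cd /home/ || exit 1
# Each directory under /home is named after the login that owns it
for userdir in */; do
	userdir=${userdir%/}	# strip the trailing slash left by the glob
	chown -R -- "$userdir" "$userdir"
done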

And most of my problems will be fixed.

I haven't personally decided if I want to phase AD out any time soon...
but you probably could do a dump of the UNIX info in AD at a later date
and move it to just plain ldap...  aahh... fun with Perl....

Let me know if I can help or if you want a copy of my initialize script
(giving everyone a unix UID, other info).

-- 
Henry Burroughs
Technology Director
Hilton Head Preparatory School
www.hhprep.org
hburroughs at hhprep.org


> 
> ______________________________________________________________________
> From: cliebow at downeast.net
> To: Support list for opensource software in schools. <k12osn at redhat.com>
> Subject: Re: [K12OSN] nis,ldap,ad
> Date: Sat, 05 Jun 2004 15:55:24 +0000
> 
> i use winbind to auth to w2k ad..osx to w2k is still broken i think..
> chuck
> > I've been poring over past threads covering all of these. I have all 
> > win2k servers running AD. I'm trying to migrate to LTSP/linux as easy as 
> > possible. As far as authentication, what would be the best route. I have 
> > a mix of  Linux, windows  95-xp,
> > OS 9-X. Authentication across the board is getting difficult. I 
> > eventually want to be mostly  LTSP boxes. I have no choice on the macs, 
> > but they are mostly OS X. Words of wisdom?
> > Thanks
> > Mark
> > 
> > -- 
> > Mark Gumprecht 
> > Data Systems Specialist 
> > MSAD#3 
> > Unity, Maine 04988 
> > Gumprechtm at msln.net
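
An added example, not part of the original message or the list archive: a report-first version of the home directory re-own loop that resolves each login through NSS, skips entries with no matching account, and never follows symlinks. The function names and the one-directory-per-login layout under the home root are assumptions.

```shell
#!/bin/sh
# Added example: re-own home directories after the UID source changes.
# Assumption: each directory directly under the home root is named
# after the login of its owner, as in the loop from the message.

# Resolve a login to its numeric UID through NSS, so accounts served
# from LDAP/AD are found. Fails and prints nothing if unknown.
lookup_uid() {
	id -u "$1" 2>/dev/null
}

# Numeric owner of a path, without following a symlink.
owner_uid() {
	ls -ldn -- "$1" | awk '{print $3}'
}

# rechown_homes ROOT [apply]
# Prints one line per entry: "ok", "skip" or "chown". Ownership is
# only changed when the second argument is "apply".
rechown_homes() {
	root=$1 mode=${2:-dry-run}
	for dir in "$root"/*; do
		name=${dir##*/}
		if [ -L "$dir" ] || [ ! -d "$dir" ]; then
			echo "skip $name (not a real directory)"
			continue
		fi
		new=$(lookup_uid "$name") || new=
		if [ -z "$new" ]; then
			echo "skip $name (no such account)"
			continue
		fi
		old=$(owner_uid "$dir")
		if [ "$old" = "$new" ]; then
			echo "ok $name"
			continue
		fi
		echo "chown $name $old -> $new"
		if [ "$mode" = apply ]; then
			# -h: change symlinks themselves, never their targets
			chown -R -h -- "$new" "$dir"
		fi
	done
}

# Usage: rechown_homes /home          (report only)
#        rechown_homes /home apply    (as root)
```

Reviewing the report-only output first shows directories such as lost+found, or homes of deleted accounts, before anything is changed.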
