Active Directory access without Samba and Kerberos?
Rolf Grau
rgrau33 at hotmail.com
Tue Jul 27 20:08:30 UTC 2004
Hi
I have got a very simple question to which I just could not find any answer:
Is there a way to configure my Redhat 9, so user login gets checked against
our Microsoft Active Directory? WITHOUT having to set up Samba and Kerberos,
OpenLDAP, etc.? If not, why not? If yes, what would be pros and cons?
I first thought that it would be possible to do so by just configuring
/etc/ldap.conf, and nsswitch.conf, and then activate it through authconfig,
but it just will not work :(
Any clue? Or any web page you could recommend?
I've basically followed the following guidelines for the file configuration:
----------------------------------------------------------------------------
Check if your /etc/nsswitch.conf looks something like this:
#ident $Id: nsswitch.ldap,v 2.3 1999/04/13 22:56:43 lukeh Exp $
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group: files ldap
# consult DNS first, we will need it to resolve the LDAP host. (If we
# can't resolve it, we're in infinite recursion, because libldap calls
# gethostbyname(). Careful!)
hosts: files dns
In the /etc/ldap.conf file you should basically change the following lines:
host <IP or DNS name of AD server>
base dc=ad,dc=server,dc=org
ldap_version 3
binddn cn=Administrator,cn=Users,<your_base_dn>
bindpw <your_administrator_password>
scope sub
nss_base_passwd cn=Users,<your_base_dn>?sub
nss_base_shadow cn=Users,<your_base_dn>?sub # Maybe comment out.
nss_base_group cn=Users,<your_base_dn>?sub
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User # Maybe comment out.
nss_map_attribute uid sAMAccountName
nss_map_attribute userPassword msSFUPassword # Maybe comment out.
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember Member
nss_map_attribute cn sAMAccountName
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad
----------------------------------------------------------------------------
Any hint?
Thanks in advance.
Best regards,
Rolf
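
The /etc/ldap.conf quoted in the message above binds as the domain Administrator with the password in the file and sets no ssl directive. The following check is an added example, not part of the original post or of nss_ldap/pam_ldap: it audits those bind and transport settings in an ldap.conf-style file. The host name, the password placeholder and the svc-nss-lookup account name are constructed for illustration.

```python
import re

# Constructed sample mirroring the bind settings quoted in the message above;
# host name and password are placeholders, not values from the post.
AS_POSTED = """\
host ad.example.org
base dc=ad,dc=server,dc=org
binddn cn=Administrator,cn=Users,dc=ad,dc=server,dc=org
bindpw CONSTRUCTED-PLACEHOLDER
pam_password ad
"""

# Constructed variant: dedicated lookup account (hypothetical name) over StartTLS.
REVISED = """\
uri ldap://ad.example.org
base dc=ad,dc=server,dc=org
ssl start_tls
tls_checkpeer yes
binddn cn=svc-nss-lookup,cn=Users,dc=ad,dc=server,dc=org
bindpw CONSTRUCTED-PLACEHOLDER
"""

def parse(text):
    """Return {directive: last value}; directives lower-cased, '#' lines skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return finding codes for the bind account and transport settings."""
    conf, findings = parse(text), []
    # Leading RDN of the bind DN names the account used for every lookup.
    if re.match(r"cn\s*=\s*administrator\s*,", conf.get("binddn", ""), re.I):
        findings.append("privileged-binddn")
    if "bindpw" in conf:
        # nss_ldap reads this file as the calling user, so it is usually world-readable.
        findings.append("bindpw-in-file")
    encrypted = (conf.get("ssl", "").lower() in ("on", "start_tls")
                 or conf.get("uri", "").lower().startswith("ldaps://"))
    if "bindpw" in conf and not encrypted:
        findings.append("bind-without-tls")  # assumes a simple bind, no SASL
    if encrypted and conf.get("tls_checkpeer", "").lower() != "yes":
        findings.append("tls-peer-not-verified")
    return findings

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("revised", REVISED)):
        print(name, audit(text))
```

The revised sample still reports bindpw-in-file: a low-privilege lookup account limits what that stored password exposes, it does not remove the password from the file.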