Active Directory access without Samba and Kerberos?

Rolf Grau rgrau33 at hotmail.com
Tue Jul 27 20:08:30 UTC 2004


Hi

I have got a very simple question to which I just could not find any answer:
Is there a way to configure my Redhat 9, so user login gets checked against
our Microsoft Active Directory? WITHOUT having to set up Samba and Kerberos,
OpenLDAP, etc.? If not, why not? If yes, what would be pros and cons?

I first thought that it would be possible to do so by just configuring
/etc/ldap.conf, and nsswitch.conf, and then activate it through authconfig,
but it just will not work  :(
Any clue? Or any web page you could recommend?

I've basically followed the following guidelines for configuring the files:
----------------------------------------------------------------------------
Check if your /etc/nsswitch.conf looks something like this:
  #ident $Id: nsswitch.ldap,v 2.3 1999/04/13 22:56:43 lukeh Exp $
  #
  # An example file that could be copied over to /etc/nsswitch.conf; it
  # uses LDAP conjunction with files.
  #
  # "hosts:" and "services:" in this file are used only if the
  # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

  # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
  passwd:     files ldap
  group:      files ldap

  # consult DNS first, we will need it to resolve the LDAP host. (If we
  # can't resolve it, we're in infinite recursion, because libldap calls
  # gethostbyname(). Careful!)
  hosts:          files dns

In the /etc/ldap.conf file you should basically change the following lines:

host <IP or DNS name of AD server>
base dc=ad,dc=server,dc=org
ldap_version 3

binddn cn=Administrator,cn=Users,<your_base_dn>
bindpw <your_administrator_password>
scope sub

nss_base_passwd cn=Users,<your_base_dn>?sub
# Maybe comment out the next line.
nss_base_shadow cn=Users,<your_base_dn>?sub
nss_base_group cn=Users,<your_base_dn>?sub

nss_map_objectclass posixAccount User
# Maybe comment out the next line.
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
# Maybe comment out the next line.
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember Member
nss_map_attribute cn sAMAccountName
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad
----------------------------------------------------------------------------

Any hint?

Thanks in advance.

Best regards,

     Rolf
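
Added example, not part of the original post: a small audit of an ldap.conf-style file for the three settings in the configuration above that matter most for security (a cleartext bindpw, an Administrator binddn, and no ssl/ldaps directive). The sample file is constructed with placeholder values, and the function names and finding codes are hypothetical; it is relevant because /etc/ldap.conf normally has to be readable by local users for nss_ldap lookups to work.

```python
import re

# Constructed sample: directives from the post, placeholder values filled in.
SAMPLE = """\
host ad.example.org
base dc=ad,dc=server,dc=org
ldap_version 3
binddn cn=Administrator,cn=Users,dc=ad,dc=server,dc=org
bindpw PLACEHOLDER-PASSWORD
scope sub
pam_login_attribute sAMAccountName
pam_password ad
"""

def parse(text):
    """Return {keyword: value} for each directive; '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return a sorted list of finding codes (hypothetical names)."""
    conf = parse(text)
    findings = set()
    # Bind password stored in a file that local users can usually read.
    if "bindpw" in conf:
        findings.add("cleartext-bindpw")
    # Lookups bound as the domain Administrator instead of a read-only account.
    if re.match(r"cn=administrator\b", conf.get("binddn", ""), re.I):
        findings.add("privileged-binddn")
    # Neither "ssl on|start_tls" nor an ldaps:// URI: binds cross the wire in clear.
    encrypted = (conf.get("ssl", "").lower() in ("on", "start_tls")
                 or conf.get("uri", "").lower().startswith("ldaps://"))
    if not encrypted:
        findings.add("no-transport-encryption")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```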
