[clug] Authenticating to Windows AD domain
kim.holburn at anu.edu.au
Mon Apr 5 07:39:36 GMT 2004
At 5:18 PM +1000 04/4/5, Beveridge, Ross wrote:
>I recall that someone was going to do a talk on authenticating Linux
>users to a windows AD domain. I was unable to attend so I was wondering
>if someone could point me in the right direction for documentation, I am
>not getting anywhere with google.
I gave a talk on the opposite (sort of) - how to put the linux bits together to create the equivalent of an ADS domain (only secure!!) Still it might help a bit.
My talk is at www.holburn.net/kerb-talk
I have a feeling that some of this stuff differs depending on the distro you are using.
There is some stuff in the debian libnss_ldap package that has the mappings you need for this. Here is some relevant stuff in my /etc/libnss_ldap.conf (debian stable):
# configure --enable-mssfu-schema is no longer supported.
# For MSSFU now do:
#nss_map_objectclass posixAccount User
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
# Alternatively, if you wish to equivalence W2K and POSIX
# groups, change the uniqueMember mapping line to:
#nss_map_attribute uniqueMember member
A quick google for MSSFU gets this link (and others possibly useful too):
Network Consultant - Telecommunications Engineering
Research School of Information Sciences and Engineering
Australian National University - Ph: +61 2 61258620 M: +61 0417820641
Email: kim.holburn at anu.edu.au - PGP Public Key on request
Life is complex - It has real and imaginary parts.
Andrea Leistra (rec.arts.sf.written.Robert-jordan)
More information about the linux