[clug] Authenticating to Windows AD domain

Kim Holburn kim.holburn at anu.edu.au
Mon Apr 5 07:39:36 GMT 2004


At 5:18 PM +1000 04/4/5, Beveridge, Ross wrote:
>I recall that someone was going to do a talk on authenticating Linux
>users to a windows AD domain. I was unable to attend so I was wondering
>if someone could point me in the right direction for documentation, I am
>not getting anywhere with google.

I gave a talk on the opposite (sort of) - how to put the linux bits together to create the equivalent of an ADS domain (only secure!!)  Still it might help a bit. 

My talk is at www.holburn.net/kerb-talk


I have a feeling that some of this stuff differs depending on the distro you are using.

There is some stuff in the debian libnss_ldap package that has the mappings you need for this.  Here is some relevant stuff in my /etc/libnss_ldap.conf (debian stable):
-----------------------------
# configure --enable-mssfu-schema is no longer supported.
# For MSSFU now do:
#nss_map_objectclass posixAccount User
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName

# Alternatively, if you wish to equivalence W2K and POSIX
# groups, change the uniqueMember mapping line to:
#nss_map_attribute uniqueMember member
-----------------------------

A quick google for MSSFU gets this link (and others possibly useful too):
http://jaxen.ratisle.net/~jj/nss_ldap-AD_Integration_how-to.html

Kim
-- 
--
Kim Holburn 
Network Consultant - Telecommunications Engineering
Research School of Information Sciences and Engineering
Australian National University - Ph: +61 2 61258620 M: +61 0417820641
Email: kim.holburn at anu.edu.au  - PGP Public Key on request

Life is complex - It has real and imaginary parts.
     Andrea Leistra (rec.arts.sf.written.Robert-jordan)


More information about the linux mailing list