Active Directory access from Linux without Samba and Kerberos?
Rolf Grau
rgrau33 at hotmail.com
Mon Jul 19 19:58:00 UTC 2004
Hi
I have got a very simple question to which I just could not find any answer:
Is there a way to configure my Redhat 9, so user login gets checked against
our Microsoft Active Directory? WITHOUT having to set up Samba and Kerberos,
OpenLDAP, etc.?
I first thought that it would be possible to do so by just configuring
/etc/ldap.conf, and nsswitch.conf, and then activate it through authconfig,
but it just will not work :(
Any clue? or any web page you could recommend?
I've basically followed these guidelines for the file configuration:
----------------------------------------------------------------------------
Check if your /etc/nsswitch.conf looks something like this:
#ident $Id: nsswitch.ldap,v 2.3 1999/04/13 22:56:43 lukeh Exp $
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and
# /etc/group.
passwd: files ldap
group: files ldap
# consult DNS first, we will need it to resolve the LDAP host. (If we
# can't resolve it, we're in infinite recursion, because libldap calls
# gethostbyname(). Careful!)
hosts: files dns
In the /etc/ldap.conf file you should basically change the following lines:
host <IP or DNS name of AD server>
base dc=ad,dc=server,dc=org
ldap_version 3
binddn cn=Administrator,cn=Users,<your_base_dn>
bindpw <your_administrator_password>
scope sub
nss_base_passwd cn=Users,<your_base_dn>?sub
# Maybe comment out the next line.
nss_base_shadow cn=Users,<your_base_dn>?sub
nss_base_group cn=Users,<your_base_dn>?sub
nss_map_objectclass posixAccount User
# Maybe comment out the next line.
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
# Maybe comment out the next line.
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember Member
nss_map_attribute cn sAMAccountName
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad
----------------------------------------------------------------------------
Any hint?
Thanks in advance.
Best regards,
Rolf
More information about the Redhat-install-list
mailing list
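
Added example (not part of the original message): a small Python audit of an /etc/ldap.conf like the one quoted above, flagging the Administrator bind DN, a bindpw readable by local users, cleartext LDAP and trailing comments on value lines. The sample values, finding labels and function names are constructed for this example, and it assumes nss_ldap keeps trailing "# ..." text as part of a value.

```python
import os
import stat

# Constructed sample: the settings from the message, placeholders filled with dummy values.
SAMPLE = """\
host ad.example.org
base dc=ad,dc=server,dc=org
ldap_version 3
binddn cn=Administrator,cn=Users,dc=ad,dc=server,dc=org
bindpw CONSTRUCTED-DUMMY
nss_base_shadow cn=Users,dc=ad,dc=server,dc=org?sub # Maybe comment out.
pam_password ad
"""

def parse(text):
    """Return {keyword: [values]} for every non-blank, non-comment line."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit(text, mode=0o644):
    """Return finding labels for ldap.conf text stored with permission bits `mode`."""
    conf, findings = parse(text), []
    # Binding as the domain Administrator runs every lookup with admin credentials.
    if conf.get("binddn", [""])[0].lower().startswith("cn=administrator,"):
        findings.append("binddn-is-administrator")
    # A bindpw in a group- or world-readable file is readable by local users.
    if "bindpw" in conf and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("bindpw-readable-by-non-root")
    # Without "ssl on", "ssl start_tls" or ldaps:// URIs a simple bind sends the password in clear text.
    servers = " ".join(conf.get("uri", [])).split()
    ldaps_only = bool(servers) and all(s.lower().startswith("ldaps://") for s in servers)
    if conf.get("ssl", ["off"])[0].lower() not in ("on", "start_tls") and not ldaps_only:
        findings.append("cleartext-ldap")
    # Assumption: text after a value, "# ..." included, is kept as part of the value.
    findings += ["inline-comment:" + k for k, vs in conf.items() if any(" #" in v for v in vs)]
    return findings

def audit_file(path="/etc/ldap.conf"):
    """Audit a file on disk using its real permission bits."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```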