Active Directory access from Linux without Samba and Kerberos?

Rolf Grau rgrau33 at hotmail.com
Mon Jul 19 19:58:00 UTC 2004


Hi

I have got a very simple question to which I just could not find any answer:
Is there a way to configure my Redhat 9, so user login gets checked against 
our Microsoft Active Directory? WITHOUT having to set up Samba and Kerberos, 
OpenLDAP, etc.?

I first thought that it would be possible to do so by just configuring 
/etc/ldap.conf, and nsswitch.conf, and then activate it through authconfig, 
but it just will not work  :(
Any clue? or any web page you could recommend?

I've followed basically the following guidelines on the files configuration:
----------------------------------------------------------------------------
Check if your /etc/nsswitch.conf looks something like this:
  #ident $Id: nsswitch.ldap,v 2.3 1999/04/13 22:56:43 lukeh Exp $
  #
  # An example file that could be copied over to /etc/nsswitch.conf; it
  # uses LDAP conjunction with files.
  #
  # "hosts:" and "services:" in this file are used only if the
  # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

  # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
  passwd:     files ldap
  group:      files ldap

  # consult DNS first, we will need it to resolve the LDAP host. (If we
  # can't resolve it, we're in infinite recursion, because libldap calls
  # gethostbyname(). Careful!)
  hosts:          files dns

In the /etc/ldap.conf file you should basically change the following lines:

host <IP or DNS name of AD server>
base dc=ad,dc=server,dc=org
ldap_version 3

binddn cn=Administrator,cn=Users,<your_base_dn>
bindpw <your_administrator_password>
scope sub

nss_base_passwd cn=Users,<your_base_dn>?sub
# Maybe comment out.
nss_base_shadow cn=Users,<your_base_dn>?sub
nss_base_group cn=Users,<your_base_dn>?sub

nss_map_objectclass posixAccount User
# Maybe comment out.
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
# Maybe comment out.
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember Member
nss_map_attribute cn sAMAccountName
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad
----------------------------------------------------------------------------

Any hint?

Thanks in advance.

Best regards,

     Rolf






More information about the Redhat-install-list mailing list
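
An added example, not part of the original post: a small Python check over an nss_ldap/pam_ldap style ldap.conf like the one quoted above. It flags a cleartext bindpw in a world-readable file, an Administrator bind DN, and missing ssl/TLS settings. The sample config, host name and finding codes are constructed for illustration.

```python
import re

# Constructed sample mirroring the ldap.conf lines quoted in the post
# (host name and password are placeholders, not values from the post).
SAMPLE = """\
host ad.example.org
base dc=ad,dc=server,dc=org
ldap_version 3
binddn cn=Administrator,cn=Users,dc=ad,dc=server,dc=org
bindpw placeholder-password
scope sub
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad
"""

def parse(text):
    """Return {directive: [values]} for an nss_ldap/pam_ldap style ldap.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit(text, mode=0o644):
    """Return finding codes (hypothetical names) for config text and file mode."""
    conf, findings = parse(text), []
    # A bind password stored in a file other local users can read.
    if "bindpw" in conf and mode & 0o004:
        findings.append("BINDPW_WORLD_READABLE")
    # Directory lookups performed with the domain Administrator account.
    if any(re.match(r"cn=administrator\b", dn, re.I) for dn in conf.get("binddn", [])):
        findings.append("PRIVILEGED_BINDDN")
    # Without ldaps:// or "ssl on|start_tls", binds cross the network in cleartext.
    ssl = [v.lower() for v in conf.get("ssl", [])]
    ldaps = any(u.lower().startswith("ldaps://")
                for v in conf.get("uri", []) for u in v.split())
    if not ldaps and not any(v in ("on", "start_tls") for v in ssl):
        findings.append("NO_TLS")
    elif "yes" not in [v.lower() for v in conf.get("tls_checkpeer", [])]:
        findings.append("TLS_PEER_NOT_CHECKED")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```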