Prashanth Sundaram wrote: > > Andrey, > > Thanks for the info. It worked for me. :) Just another question, I > want to secure the communication with AD secure. I read that AD is not > SSL compatible and supports startTLS. AD is TLS/SSL compatible and it supports startTLS. Winsync supports both LDAPS and LDAP with startTLS. > What security mechanism have you used in your systems with AD? > > http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&redirect=no > <http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&redirect=no> > > > Hi, > > You should not verify the users locally (there is a "no_user_check" to > add). The authoritative source of validation should be AD/Kerberos. > Here is the config that works for us : > > auth sufficient /lib/security/pam_krb5.so no_user_check > account required /lib/security/pam_krb5.so no_user_check > > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090923/ff54fa64/attachment.bin
