Hello Kenneho,

Thanks for the quick response. I appreciate your helpful words on these queries.
I would be thankful if you can provide me with the tutorials or documents or links which you followed for the same setup.

May I know what should be the approach for syncing ADS to Fedora DS? Any step by step approach for the sa

On Mon, Jan 4, 2010 at 2:37 PM, Kenneth Holter <kenneho.ndu at gmail.com> wrote:

> Hi.
>
> We're currently working on a similar setup.
>
> Regarding your first question: Using the Windows Sync plugin on the FDS you
> sync specific users from AD over to FDS. Just move your sysadmin users to an
> LDAP organization unit (OU), and sync that over to FDS. Next, you'll need to
> add posix attributes (user ID, group ID, home directory, etc) to these users
> on the FDS side. You can create simple scripts for doing this. In our setup,
> we're going to use groups defined on the AD side as basis for NIS netgroups
> on linux, so that we can control access to and sudo privileges on linux
> servers based on these groups. This adds to the complexity, but lets us
> manage users and access from the AD side.
>
> When you delete a user on the AD side, it will get deleted on the FDS side
> too.
>
> Regards,
> Kenneth Holter
>
> On Tue, Dec 29, 2009 at 5:41 PM, Ajeet S Raina <ajeetraina at gmail.com> wrote:
>
>> I have a certain query regarding the following structure:
>> Code:
>>
>> Active Directory Server
>>           ||
>>           ||
>> Fedora Directory Server <=> Client(Linux | Fedora | Ubuntu | Solaris | HP)
>>
>> Let me explain you what I want:
>>
>> 1. There is a company Active Directory Server under domain intinfra.com. As
>> of now there are limited Windows Desktop Machine under that domain. I have
>> few Linux / Unix Machines which I want to authenticate through ADS (which are
>> presently not under ADS). Why? Because every time I need to delete the users
>> whenever they leave the project. That's cumbersome.
>>
>> So what I want is Setup Fedora DS (Wonder if We can do that without Fedora
>> DS). Now I can ads join to Fedora DS (I have administrative privileges for
>> ADS). What I really want to know is:
>>
>> If I join Fedora DS to ADS then all employee can login to the Linux
>> Machine through their login credentials. I don't want that to happen. We have
>> 3000 employee in intinfra Domain but We are only 30 Admins. I only want
>> those 30-40 admins to login restrictly. Is it possible to restrict at
>> FedoraDS level.
>>
>> 2. Say, I joined ADS and fedora DS and say after 30 days one of System
>> Admin left the company. So his name will be removed from ADS. Is it possible
>> that ADS and Fedora DS are synchronized in such a way that a user whose name
>> gets deleted in ADS, gets deleted too from fedora. Do fedora DS has the
>> capability to synchronize to ADS every time.
>>
>> Pls Suggest.
>>
>> --
>> 389 users mailing list
>> 389-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
"It is not possible to rescue everyone who is caught in the Windows quicksand
--Make sure you are on solid Linux ground before trying."
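
The quoted reply suggests simple scripts for adding posix attributes to the users synced from AD. The sketch below is an added example, not part of the original thread and not 389 project code: it generates LDIF for that step, never reuses a uidNumber (a deleted admin's files would otherwise pass to the next account given that number), and skips names that would produce an unsafe home directory. The DNs, ID range, group ID and the `high_water` bookkeeping are assumptions.

```python
"""Generate LDIF that adds POSIX attributes to users synced from AD.
Constructed example: DNs, ID range and group ID are assumptions."""
import re

UID_FLOOR = 10000   # assumed start of the range reserved for synced users
ADMIN_GID = 10000   # assumed gidNumber of the sysadmin group
SAFE_UID = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # no '/', '..' or spaces

SAMPLE = [  # constructed entries, as they might look after Windows Sync
    {"dn": "uid=bob,ou=sysadmins,dc=example,dc=com", "uid": "bob",
     "objectClass": ["inetOrgPerson", "ntUser"]},
    {"dn": "uid=alice,ou=sysadmins,dc=example,dc=com", "uid": "alice",
     "uidNumber": "10003",
     "objectClass": ["inetOrgPerson", "ntUser", "posixAccount"]},
    {"dn": "uid=../etc,ou=sysadmins,dc=example,dc=com", "uid": "../etc",
     "objectClass": ["inetOrgPerson", "ntUser"]},
]


def next_uid_number(entries, high_water):
    """Start above every uidNumber ever handed out, including deleted users."""
    in_use = [int(e["uidNumber"]) for e in entries if "uidNumber" in e]
    return max([UID_FLOOR - 1, high_water] + in_use) + 1


def posix_ldif(entries, high_water=0):
    """Return (ldif_text, new_high_water, skipped_uids)."""
    number = next_uid_number(entries, high_water)
    records, skipped = [], []
    for e in sorted(entries, key=lambda e: e["uid"]):
        if "posixaccount" in (c.lower() for c in e["objectClass"]):
            continue                      # already converted: run is idempotent
        if not SAFE_UID.fullmatch(e["uid"]):
            skipped.append(e["uid"])      # would yield an unsafe homeDirectory
            continue
        records.append("\n".join([
            f"dn: {e['dn']}", "changetype: modify",
            "add: objectClass", "objectClass: posixAccount", "-",
            "add: uidNumber", f"uidNumber: {number}", "-",
            "add: gidNumber", f"gidNumber: {ADMIN_GID}", "-",
            "add: homeDirectory", f"homeDirectory: /home/{e['uid']}", "-",
            "add: loginShell", "loginShell: /bin/bash", "",
        ]))
        number += 1
    return "\n".join(records), number - 1, skipped


if __name__ == "__main__":
    ldif, high, skipped = posix_ldif(SAMPLE, high_water=10007)
    print(ldif, f"# high-water mark: {high}, skipped: {skipped}", sep="\n")
```

Store the returned high-water mark outside the directory, since a deletion synced from AD also removes that user's uidNumber from FDS.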