Yes, directory server's winsync maps AD's samAccountName to uid on LDAP-DS, and Unix uses the uid attribute for the login name.
It is not necessary to use Kerberos authentication of AD if you sync passwords between AD and DS with winsync.

Carsten

----- Original Message -----
From: Zebee Johnstone <Zebee.Johnstone at optus.com.au>
Date: Friday, 21 January 2011, 2:43
Subject: Mapping AD names to unix names
To: "'389-users at lists.fedoraproject.org'" <389-users at lists.fedoraproject.org>

> I want to, amongst other things, query our Active Directory
> server for passwords. So use 389 as a directory server
> (using NIS scheme and netgroups) with AD passwords.
>
> Problem is... our AD uses usernames of First Last and a kerberos
> principal of first.last. Whereas the unix (linux, AIX,
> HPUX, Solaris) boxes use 8char usernames.
>
> The password sync stuff I've seen isn't very clear. Does
> the AD samAccountName have to be the same as the unix
> username? Or is there somewhere on 389 or on AD where I
> can do a lookup?
>
> This http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html
> seems to say there's a field ntUserDomainId that would do that job, is that used in the sync?
>
> Is there any documentation on setting this up?
>
> Zebee
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: grzemba.vcf
Type: text/x-vcard
Size: 233 bytes
Desc: Card for Carsten Grzemba <grzemba at contac-dt.de>
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20110121/21de6509/attachment-0001.vcf