Re: Help with authenticating against Active Directory.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Feb 1, 2008 9:38 AM, Michael Semcheski <mhsemcheski@xxxxxxxxx> wrote:
> So is it possible to use nss_ldap with MS-AD if the Services for Unix
> are not installed?  Or do you still have to resort to "/etc/password
> monkey business"?  (I'm all for eliminating the monkey business, but I
> don't think my AD is going to get SFU.

You can use nss_ldap with 2003R2 DC when the additional software
component (built-in to R2, see my other post) is installed. You can
not use nss_ldap with pre-R2 DC without SFU. SFU modifies the AD
schema to create new fields for UNIX attributes, most important of
which is a password field compatible with UNIX crypt. In the case of
R2, your schema will be modified in a similar fashion.

WARNING: If you have multiple DCs, R2 and SFU are not compatible out
of the box. They use different AD schema modifications. We had to
track down hotfixes and DLLs to get our mixed environment working. It
was not fun, but we eventually got it all squared away.

--
Jeff
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux