Re: Samba/Fedora DS/Windows Password Sync

Is there a way to sync from AD and then use LDAP authentication for Linux boxes that don't know about AD? I thought I saw something earlier that said the POSIX account information didn't sync. If that is true, can you configure Linux to use whatever password does sync?

Yes, I think that is the preferred method. Have Windows users talk to AD and Linux users talk to LDAP. You can use LDAP for authentication and to store the automount maps for home directories.

I believe that is correct; only passwords, groups, and account deletion/creation are covered. You wouldn't want to create accounts on the AD side. For example, I have a Fedora DS server that serves mail/web/samba authentication, but have an AD server that serves all Windows domain accounts. The PassSync gives me a way of having a "single sign-on" so users only have to change one password. I used to use an OpenLDAP/Samba PDC configuration, but this works much better. If you still want to use Samba as a file server, you can use Idmap, which is stored on the LDAP server, to maintain the uid/gid mappings to make users/permissions almost completely transparent between platforms.


--
Jeff Gamsby


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
