Prashanth Sundaram wrote:
Thanks Nathan. I found some old threads discussing the same issue. https://www.redhat.com/archives/fedora-directory-users/2006-November/msg00301.html Question1: Do I still need PassSync.msi installed on the Win server?
No.
PAM passthrough works via pam - similarly to how OpenLDAP goes through saslauthd - so if you have some PAM module that can auth against AD (except LDAP which probably won't work) you can configure PAM passthrough to pass the auth to that PAM module, then to ADQuestion2: How does this work exactly? This is what I understand: Any user who log on, the query first goes to FDS and then PTA-plugin quries the AD.
With chaining, you have _no_ local data in the directory server - all of the data is pulled from AD. With PAM passthrough, just the _auth_ is done against AD - you still have to have the local data in the directory serverQuestion3: What is exactly AD Chaining? I get the literal meaning that, AD is a symlink to the ldap DB on the FDS. I would like to know clear distinction between the two. (AD Chaining and Pass-thru)
I am sorry, if I am repeating any questions. I am new to unix and learning on my own.Thank you so much, your help is greatly appreciated. Prashanth ------------------------------------------------------------------------ -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
