Yes, the directory server's winsync maps AD's samAccountName to uid on LDAP-DS, and Unix uses the uid attribute for the login name.
It is not necessary to use Kerberos authentication of AD if you sync passwords between AD and DS with winsync.

Carsten

----- Original Message -----
From: Zebee Johnstone <Zebee.Johnstone@xxxxxxxxxxxx>
Date: Friday, 21 January 2011, 2:43
Subject: [389-users] Mapping AD names to unix names
To: "'389-users@xxxxxxxxxxxxxxxxxxxxxxx'" <389-users@xxxxxxxxxxxxxxxxxxxxxxx>

> I want to, amongst other things, query our Active Directory
> server for passwords. So use 389 as a directory server
> (using NIS scheme and netgroups) with AD passwords.
>
> Problem is... our AD uses usernames of First Last and a Kerberos
> principal of first.last. Whereas the unix (linux, AIX,
> HPUX, Solaris) boxes use 8char usernames.
>
> The password sync stuff I've seen isn't very clear. Does
> the AD samAccountName have to be the same as the unix
> username? Or is there somewhere on 389 or on AD where I
> can do a lookup?
>
> This http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html
> seems to say there's a field ntUserDomainId that would do that job, is that used in the sync?
>
> Is there any documentation on setting this up?
>
> Zebee
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users