Actually, I found a solution to my problem. Thanks anyway. Instead of talking to the normal LDAP port on 389, I changed my ldap.conf to point to 3268. That port is serviced by any Win2K Global Catalog server and will authenticate anyone forest wide. If anyone is interested, I have some modifications to the standard pam_ldap authentication setup for authentication with Active Directory that improve performance in Multi-Domain environments. David Wood Field Services Manager Kaplan Higher Education 770-510-2010 x150 -----Original Message----- From: Tony den Haan [mailto:tony@xxxxxxxxxx] Sent: Thursday, March 20, 2003 3:33 AM To: pam-list@xxxxxxxxxx Subject: Re: Active Directory Module On Wed, 19 Mar 2003, David Wood wrote: > All, > > I am in desperate need of help. I can authenticate against a single > Active Directory domain in my forest using pam_krb5 but that doesn't > help me with the child domains I have. I can authenticate against the > entire tree using pam_ldap but it is dismally slow due to excessive > referral chasing. I need a fix for this in the next 30 days and am > willing to pay for it under agreement that the resulting module be > GPL'd. mailing to a linux list in html is not going to be a guarantee to get help. a miracle it passed my spamfilter at all. tony _______________________________________________ Pam-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/pam-list
