Hi there all. I have looked into this in the past, and have been trying to figure out what the best method of authenticating linux stuff against an Active Directory server is? I have tried doing the ldap method (pam_ldap) but that didn't really strike me as the best way to do it (as M$ taint LDAP so as to make it interesting, plus I never managed to get it to work properly). Then I was thinking that perhaps using samba would work, but have yet to explore that avenue... plus AD is meant to also use kerberos... ? not quite sure, but there is some kerberos stuff in win2k server...
Basically my problem is that we're moving from an NT4 Domain (with all the users stored in it) and having some apps on a couple of linux boxes, of which one uses pam and samba to authenticate... And someone has decided to move to a 2000 Domain, and so I have to rebuild the linux stuff to work on the new domain... unfortunately, taking down one of the linux servers, and then bringing it back up was enough to kill it (has lost /bin/login for instance!), but that's not the main issue...
so any help as to what I should think of using, and how to go about it, would be so greatly appreciated! :) I'm anticipating using PAM, but don't know which module I should throw my bit in with, and also how to configure it properly and nicely for AD (just really require auth and account stuff, but session wouldn't be bad either)...
thanks heaps... :)
nic... :)
<<--------------- "I can't believe that!" said Alice. "Can't you?" the Queen said in pitying tone. "Try again: draw a long breath, and shut your eyes." Alice laughed. "There's no use trying," she said. "One can't believe impossible things." "I daresay you haven't had much practice," said the Queen. -----"Through the Looking-Glass" by Lewis Carroll------------->>
_______________________________________________ Pam-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/pam-list