Active Directory access without Samba and Kerberos?

Hi

I have got a very simple question to which I just could not find any answer:
Is there a way to configure my Redhat 9 so that user logins get checked against
our Microsoft Active Directory, WITHOUT having to set up Samba and Kerberos,
OpenLDAP, etc.? If not, why not? If yes, what would be the pros and cons?

I first thought that it would be possible to do so by just configuring
/etc/ldap.conf, and nsswitch.conf, and then activate it through authconfig,
but it just will not work  :(
Any clue? Or any web page you could recommend?

I've basically followed the following guidelines for configuring the files:
----------------------------------------------------------------------------
Check if your /etc/nsswitch.conf looks something like this:
 #ident $Id: nsswitch.ldap,v 2.3 1999/04/13 22:56:43 lukeh Exp $
 #
 # An example file that could be copied over to /etc/nsswitch.conf; it
 # uses LDAP conjunction with files.
 #
 # "hosts:" and "services:" in this file are used only if the
 # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

 # the following two lines obviate the "+" entry in /etc/passwd and
 # /etc/group.
 passwd:     files ldap
 group:      files ldap

 # consult DNS first, we will need it to resolve the LDAP host. (If we
 # can't resolve it, we're in infinite recursion, because libldap calls
 # gethostbyname(). Careful!)
 hosts:          files dns

In the /etc/ldap.conf file you should basically change the following lines:

host <IP or DNS name of AD server>
base dc=ad,dc=server,dc=org
ldap_version 3

binddn cn=Administrator,cn=Users,<your_base_dn>
bindpw <your_administrator_password>
scope sub

nss_base_passwd cn=Users,<your_base_dn>?sub
nss_base_shadow cn=Users,<your_base_dn>?sub   # Maybe comment out.
nss_base_group cn=Users,<your_base_dn>?sub

nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User    # Maybe comment out.
nss_map_attribute uid sAMAccountName
nss_map_attribute userPassword msSFUPassword   # Maybe comment out.
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember Member
nss_map_attribute cn sAMAccountName
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad
----------------------------------------------------------------------------

Any hint?

Thanks in advance.

Best regards,

    Rolf
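
An added example, not part of the original post: a small Python check for the pam_ldap/nss_ldap `/etc/ldap.conf` quoted above. It flags the points a reviewer would raise before rolling that file out to clients: lookups binding as Administrator, the bind password stored in the file, and no `ssl` or `ldaps://` setting. The function names, finding codes and sample text (host name, password) are constructed for illustration.

```python
# Constructed sample modelled on the /etc/ldap.conf in the post above;
# host name and password are placeholders.
SAMPLE = """\
host ad.example.org
base dc=ad,dc=server,dc=org
ldap_version 3
binddn cn=Administrator,cn=Users,dc=ad,dc=server,dc=org
bindpw PLACEHOLDER-PASSWORD
scope sub
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad
"""


def parse(text):
    """Map each directive (lower-cased) to its list of values, skipping comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf


def last(conf, key, default=""):
    """Last value given for a directive, lower-cased, or the default."""
    return conf[key][-1].lower() if key in conf else default


def audit_ldap_conf(text):
    """Return (code, message) findings for a pam_ldap/nss_ldap configuration."""
    conf, findings = parse(text), []
    if last(conf, "binddn").startswith("cn=administrator,"):
        findings.append(("PRIV_BINDDN", "lookups bind as Administrator; use a dedicated read-only account"))
    if "bindpw" in conf:
        findings.append(("BINDPW_IN_FILE", "bind password is stored in a file NSS clients must be able to read"))
    uris = " ".join(conf.get("uri", [])).lower().split()
    ldaps = bool(uris) and all(u.startswith("ldaps://") for u in uris)
    if not (ldaps or last(conf, "ssl") in ("on", "start_tls")):
        findings.append(("CLEARTEXT_LDAP", "no ssl/ldaps setting; binds and user passwords cross the network unencrypted"))
    elif last(conf, "tls_checkpeer") != "yes":
        findings.append(("CERT_CHECK_UNSET", "tls_checkpeer is not 'yes'; peer verification falls back to the libldap default"))
    return findings


if __name__ == "__main__":
    for code, message in audit_ldap_conf(SAMPLE):
        print(f"{code}: {message}")
```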
