Re: Configuring RHEL servers to authenticate with Windows Server 2008Active Directory

["s u p e r n a u t" <supernaut@xxxxxxx>]

I'm not sure I understand why you'd want to do that.  After you've installed 
AD Services Identity Management for UNIX, you can specify a user's primary 
(AD) group under his AD properties under the UNIX Attributes tab.

Then you basically assign/change permissions on the Linux system as 
username:ad_group_name.

I think the idea is that you'd use AD groups for file/folder access and not 
the Linux groups anymore, although the Linux groups could still be used if 
you wanted to.

I'm a bit rusty on this but I believe that's what I wanted to achieve, 
anyway.

----- Original Message ----- 
From: "Kenneth Holter" <kenneho.ndu@xxxxxxxxx>
To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
Sent: Wednesday, January 27, 2010 2:35 PM
Subject: Re: Configuring RHEL servers to authenticate with Windows Server 
2008Active Directory


> Great, thanks, I got it working.
>
> Currently, our linux users all are member of a posix group of the same 
> name
> (i.e user "kenneth" is member of its own group "kenneth", which is the
> default in linux as far as I know). Do you know how I can create such 
> groups
> on AD, instead of adding users to shared groups such as "unixusers"?
>
> On Wed, Jan 27, 2010 at 1:39 PM, s u p e r n a u t 
> <supernaut@xxxxxxx>wrote:
>
> > I've used this in the past to good effect with RHEL5.3 and W2K3.  I'm 
> > sure
> > you'll have to make adjustments with W2K8, but it may be a good starting
> > point.
> >
> >
> > http://www.interopsystems.com/downloads/Native_LDAP_native_Kerberos_and_AD_services.pdf
> >
> >
> >
> > ----- Original Message ----- From: "Kenneth Holter" 
> > <kenneho.ndu@xxxxxxxxx
> > >
> > To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
> > Sent: Wednesday, January 27, 2010 7:58 AM
> > Subject: Re: Configuring RHEL servers to authenticate with Windows Server
> > 2008Active Directory
> >
> >
> >  Thanks for your reply.
> > > I would like the account and group information to be maintained in AD.
> > > Possibly later on we'll implement kerberos too.
> > >
> > >
> > > - Kenneth
> > >
> > > On Tue, Jan 26, 2010 at 5:32 PM, Marti, Robert <RJM002@xxxxxxxx> wrote:
> > >
> > >  If you just care about authentication and not accounts, I'd set up
> > > > kerberos
> > > > auth - much easier.  I have no experience setting up LDAP auth, sorry.
> > > >
> > > > Rob Marti
> > > > ________________________________________
> > > > From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] 
> > > > On
> > > > Behalf Of Kenneth Holter [kenneho.ndu@xxxxxxxxx]
> > > > Sent: Tuesday, January 26, 2010 10:17
> > > > To: redhat-list@xxxxxxxxxx
> > > > Subject: Configuring RHEL servers to authenticate with Windows Server
> > > > 2008
> > > >     Active Directory
> > > >
> > > > Hello all.
> > > >
> > > >
> > > > I'd like to set my RHEL 4 and 5 servers up to authenticate with our
> > > > Windows
> > > > server 2008 Active Directory. Using "authconfig --update --enableldap
> > > > --enableldapauth
> > > > --ldapserver=ldap.example.com--ldapbasedn=dn=example,dn=com"
> > > > and adding "binddn" and "bindpw" to the /etc/ldap.conf file, it looks
> > > > like
> > > > the linux box is connecting correctly to the AD server. But running
> > > > "getent
> > > > passwd <some-linux-user-defined-on-AD>" doesn't return any result.
> > > >
> > > > I'm suspecting that maybe it's my nss_ldap attribute mappings that are
> > > > not
> > > > correct. I have no attribute mapping defined, since I would think that
> > > > there
> > > > would be some default mappings that would work. Are there any default
> > > > mapping, and in case what are they? Or maybe "authconfig" set up these
> > > > mappings automatically? Any advice is appreciated.
> > > >
> > > > Best regards,
> > > > Kenneth Holter
> > > > --
> > > > redhat-list mailing list
> > > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > > > https://www.redhat.com/mailman/listinfo/redhat-list
> > > >
> > > > --
> > > > redhat-list mailing list
> > > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > > > https://www.redhat.com/mailman/listinfo/redhat-list
> > > >
> > > >  --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list