Hi all. I've got my RHEL-server to autenticate against Active Directory, and things are looking good. I have one small issue maybe someone here know how to fix: When a users password expires the user must be able to change it. Nomally a users would be allowed to log in based on the current password, be she would be promted for a new password following the login. In the current setup where my linux servers autheticate against AD, the users whose password have expired are simply locked out from the server. Is there a way to tune linux to allow login, but have the users change password on login? - Kenneth On Wed, Jan 27, 2010 at 2:39 PM, s u p e r n a u t <supernaut@xxxxxxx>wrote: > I've used this in the past to good effect with RHEL5.3 and W2K3. I'm sure > you'll have to make adjustments with W2K8, but it may be a good starting > point. > > > http://www.interopsystems.com/downloads/Native_LDAP_native_Kerberos_and_AD_services.pdf > > > > ----- Original Message ----- From: "Kenneth Holter" <kenneho.ndu@xxxxxxxxx > > > To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx> > Sent: Wednesday, January 27, 2010 7:58 AM > Subject: Re: Configuring RHEL servers to authenticate with Windows Server > 2008Active Directory > > > Thanks for your reply. >> >> I would like the account and group information to be maintained in AD. >> Possibly later on we'll implement kerberos too. >> >> >> - Kenneth >> >> On Tue, Jan 26, 2010 at 5:32 PM, Marti, Robert <RJM002@xxxxxxxx> wrote: >> >> If you just care about authentication and not accounts, I'd set up >>> kerberos >>> auth - much easier. I have no experience setting up LDAP auth, sorry. >>> >>> Rob Marti >>> ________________________________________ >>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] On >>> Behalf Of Kenneth Holter [kenneho.ndu@xxxxxxxxx] >>> Sent: Tuesday, January 26, 2010 10:17 >>> To: redhat-list@xxxxxxxxxx >>> Subject: Configuring RHEL servers to authenticate with Windows Server >>> 2008 >>> Active Directory >>> >>> Hello all. >>> >>> >>> I'd like to set my RHEL 4 and 5 servers up to authenticate with our >>> Windows >>> server 2008 Active Directory. Using "authconfig --update --enableldap >>> --enableldapauth >>> --ldapserver=ldap.example.com--ldapbasedn=dn=example,dn=com" >>> and adding "binddn" and "bindpw" to the /etc/ldap.conf file, it looks >>> like >>> the linux box is connecting correctly to the AD server. But running >>> "getent >>> passwd <some-linux-user-defined-on-AD>" doesn't return any result. >>> >>> I'm suspecting that maybe it's my nss_ldap attribute mappings that are >>> not >>> correct. I have no attribute mapping defined, since I would think that >>> there >>> would be some default mappings that would work. Are there any default >>> mapping, and in case what are they? Or maybe "authconfig" set up these >>> mappings automatically? Any advice is appreciated. >>> >>> Best regards, >>> Kenneth Holter >>> -- >>> redhat-list mailing list >>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >>> https://www.redhat.com/mailman/listinfo/redhat-list >>> >>> -- >>> redhat-list mailing list >>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >>> https://www.redhat.com/mailman/listinfo/redhat-list >>> >>> -- >> redhat-list mailing list >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >> https://www.redhat.com/mailman/listinfo/redhat-list >> >> > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list