My understanding is that they need to change it from the AD/Windows side.

> Hi all.
>
> I've got my RHEL-server to authenticate against Active Directory, and things
> are looking good. I have one small issue maybe someone here knows how to fix:
> When a user's password expires the user must be able to change it. Normally a
> user would be allowed to log in based on the current password, but she would
> be prompted for a new password following the login. In the current setup
> where my linux servers authenticate against AD, the users whose passwords have
> expired are simply locked out from the server. Is there a way to tune linux
> to allow login, but have the users change password on login?
>
> - Kenneth
>
> On Wed, Jan 27, 2010 at 2:39 PM, s u p e r n a u t <supernaut@xxxxxxx> wrote:
>
>> I've used this in the past to good effect with RHEL5.3 and W2K3. I'm sure
>> you'll have to make adjustments with W2K8, but it may be a good starting
>> point.
>>
>> http://www.interopsystems.com/downloads/Native_LDAP_native_Kerberos_and_AD_services.pdf
>>
>> ----- Original Message -----
>> From: "Kenneth Holter" <kenneho.ndu@xxxxxxxxx>
>> To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
>> Sent: Wednesday, January 27, 2010 7:58 AM
>> Subject: Re: Configuring RHEL servers to authenticate with Windows Server 2008 Active Directory
>>
>>> Thanks for your reply.
>>>
>>> I would like the account and group information to be maintained in AD.
>>> Possibly later on we'll implement kerberos too.
>>>
>>> - Kenneth
>>>
>>> On Tue, Jan 26, 2010 at 5:32 PM, Marti, Robert <RJM002@xxxxxxxx> wrote:
>>>
>>>> If you just care about authentication and not accounts, I'd set up kerberos
>>>> auth - much easier. I have no experience setting up LDAP auth, sorry.
>>>>
>>>> Rob Marti
>>>> ________________________________________
>>>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] On Behalf Of Kenneth Holter [kenneho.ndu@xxxxxxxxx]
>>>> Sent: Tuesday, January 26, 2010 10:17
>>>> To: redhat-list@xxxxxxxxxx
>>>> Subject: Configuring RHEL servers to authenticate with Windows Server 2008 Active Directory
>>>>
>>>> Hello all.
>>>>
>>>> I'd like to set my RHEL 4 and 5 servers up to authenticate with our Windows
>>>> server 2008 Active Directory. Using "authconfig --update --enableldap
>>>> --enableldapauth --ldapserver=ldap.example.com --ldapbasedn=dn=example,dn=com"
>>>> and adding "binddn" and "bindpw" to the /etc/ldap.conf file, it looks like
>>>> the linux box is connecting correctly to the AD server. But running
>>>> "getent passwd <some-linux-user-defined-on-AD>" doesn't return any result.
>>>>
>>>> I'm suspecting that maybe it's my nss_ldap attribute mappings that are not
>>>> correct. I have no attribute mapping defined, since I would think that there
>>>> would be some default mappings that would work. Are there any default
>>>> mappings, and in that case what are they? Or maybe "authconfig" sets up these
>>>> mappings automatically? Any advice is appreciated.
>>>>
>>>> Best regards,
>>>> Kenneth Holter
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:
https://www.bubbanfriends.org/mailman/listinfo/site-update
or send a blank email message to:
site-update-subscribe@xxxxxxxxxxxxxxxxx