hi did you check gruop policy object and computer on W2k8. On Mon, Apr 19, 2010 at 7:46 AM, Kenneth Holter <kenneho.ndu@xxxxxxxxx>wrote: > Hi all. > > > I've got my RHEL-server to autenticate against Active Directory, and things > are looking good. I have one small issue maybe someone here know how to > fix: > When a users password expires the user must be able to change it. Nomally a > users would be allowed to log in based on the current password, be she > would > be promted for a new password following the login. In the current setup > where my linux servers autheticate against AD, the users whose password > have > expired are simply locked out from the server. Is there a way to tune linux > to allow login, but have the users change password on login? > > > - Kenneth > > > On Wed, Jan 27, 2010 at 2:39 PM, s u p e r n a u t <supernaut@xxxxxxx > >wrote: > > > I've used this in the past to good effect with RHEL5.3 and W2K3. I'm > sure > > you'll have to make adjustments with W2K8, but it may be a good starting > > point. > > > > > > > http://www.interopsystems.com/downloads/Native_LDAP_native_Kerberos_and_AD_services.pdf > > > > > > > > ----- Original Message ----- From: "Kenneth Holter" < > kenneho.ndu@xxxxxxxxx > > > > > To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx> > > Sent: Wednesday, January 27, 2010 7:58 AM > > Subject: Re: Configuring RHEL servers to authenticate with Windows Server > > 2008Active Directory > > > > > > Thanks for your reply. > >> > >> I would like the account and group information to be maintained in AD. > >> Possibly later on we'll implement kerberos too. > >> > >> > >> - Kenneth > >> > >> On Tue, Jan 26, 2010 at 5:32 PM, Marti, Robert <RJM002@xxxxxxxx> wrote: > >> > >> If you just care about authentication and not accounts, I'd set up > >>> kerberos > >>> auth - much easier. I have no experience setting up LDAP auth, sorry. > >>> > >>> Rob Marti > >>> ________________________________________ > >>> From: redhat-list-bounces@xxxxxxxxxx [redhat-list-bounces@xxxxxxxxxx] > On > >>> Behalf Of Kenneth Holter [kenneho.ndu@xxxxxxxxx] > >>> Sent: Tuesday, January 26, 2010 10:17 > >>> To: redhat-list@xxxxxxxxxx > >>> Subject: Configuring RHEL servers to authenticate with Windows Server > >>> 2008 > >>> Active Directory > >>> > >>> Hello all. > >>> > >>> > >>> I'd like to set my RHEL 4 and 5 servers up to authenticate with our > >>> Windows > >>> server 2008 Active Directory. Using "authconfig --update --enableldap > >>> --enableldapauth > >>> --ldapserver=ldap.example.com--ldapbasedn=dn=example,dn=com" > >>> and adding "binddn" and "bindpw" to the /etc/ldap.conf file, it looks > >>> like > >>> the linux box is connecting correctly to the AD server. But running > >>> "getent > >>> passwd <some-linux-user-defined-on-AD>" doesn't return any result. > >>> > >>> I'm suspecting that maybe it's my nss_ldap attribute mappings that are > >>> not > >>> correct. I have no attribute mapping defined, since I would think that > >>> there > >>> would be some default mappings that would work. Are there any default > >>> mapping, and in case what are they? Or maybe "authconfig" set up these > >>> mappings automatically? Any advice is appreciated. > >>> > >>> Best regards, > >>> Kenneth Holter > >>> -- > >>> redhat-list mailing list > >>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > >>> https://www.redhat.com/mailman/listinfo/redhat-list > >>> > >>> -- > >>> redhat-list mailing list > >>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > >>> https://www.redhat.com/mailman/listinfo/redhat-list > >>> > >>> -- > >> redhat-list mailing list > >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > >> https://www.redhat.com/mailman/listinfo/redhat-list > >> > >> > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
