Andrea wrote:
> Hi,
> I want to configure Linux with pam_ldap and nss_ldap to allow it to
> authenticate users from Active Directory. I don't need Linux
> users to access Microsoft resources; the aim is only that a Windows user
> can log on to Linux with his same account.
>
> Which components are mandatory for this to work?
I've never queried any Active Directory, but IIRC user accounts in Active
Directory require a different objectclass than the user accounts (by
*default*) in POSIX. In POSIX, they have objectclass set to 'posixAccount'
and 'shadowAccount' (required for Shadow passwords). So what you need to do
is to add two attributes, 'objectclass: posixAccount' and 'objectclass:
shadowAccount', to the LDAP nodes of Windows users (who want access to Linux
boxen). I'm not sure about this, but in the 'posixAccount' type, the password
is stored in the 'userPassword' attribute. BTW, in pam_ldap and nss_ldap, you
can configure what attributes store what information of users, so if you stay
with the defaults of pam_ldap and nss_ldap, you can clearly separate your
Active Directory users and Linux users. Linux users don't have Active
Directory attributes, but Active Directory users can have POSIX attributes.
>
> Thanks very much
> andrew
HTH
--
Ashish Shukla आशीष शुक्ल
http://wahjava.wordpress.com/
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
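
Added example, not part of the original message: a small audit of LDIF-exported user entries for the 'posixAccount' and 'shadowAccount' object classes discussed above, checking the MUST attributes RFC 2307 defines for them and flagging a uidNumber of 0. The function names and the sample entries are constructed for illustration; base64 (`attr::`) values are not handled.

```python
# Added example: function names and SAMPLE_LDIF are constructed, not from the thread.
REQUIRED = {  # MUST attributes per RFC 2307, lower-cased for comparison
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "shadowaccount": {"uid"},
}

SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=example,DC=com
objectClass: user
objectClass: posixAccount
objectClass: shadowAccount
cn: Alice Example
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/
 alice

dn: CN=Bob Example,CN=Users,DC=example,DC=com
objectClass: user
objectClass: posixAccount
cn: Bob Example
uid: bob
uidNumber: 0
gidNumber: 10002
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}); a line starting with one space is a fold."""
    for block in text.replace("\n ", "").strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def check_entry(attrs):
    """List what would keep this entry from resolving as a safe POSIX account."""
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    problems = []
    for oc, must in REQUIRED.items():
        if oc not in classes:
            problems.append(f"missing objectClass {oc}")
        else:
            problems += [f"{oc} lacks {a}" for a in sorted(must - set(attrs))]
    if "0" in attrs.get("uidnumber", []):
        problems.append("uidNumber is 0 (maps to root)")
    return problems

def audit(text):
    return {dn: check_entry(attrs) for dn, attrs in parse_ldif(text)}
```

An empty list for an entry means it carries both object classes with their required attributes; attribute and class names are compared case-insensitively, as LDAP does.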