C:\> ksetup /addkdc MIT.KERBREALM.COM kserver.kerb.com
and then when the user logs in, they must select that realm from the drop-down list.
Also, the user account in AD needs to have the Kerberos name mapping added so AD will know how to match up the accounts. The name mapping would be something like "[EMAIL PROTECTED]".
So basically, the password stored in AD is ignored. Let me know if this helps, or if this isn't what you're trying to do at all. :-)
Robbie Foust, IT Analyst
Systems and Core Services
Duke University
Lara Adianto wrote:
Hi guys,
As the subject title says: can Microsoft Active Directory be configured to authenticate to an external LDAP server (OpenLDAP in my case)?
To make things clearer, this is the objective that I want to achieve:
I want authentication of Microsoft Active Directory's clients to be done by an OpenLDAP server on Linux. So, when a client of Microsoft Active Directory authenticates itself to MS AD, MS AD will ask OpenLDAP for the authentication service. OpenLDAP will return reject or allow to MS AD. I believe that this can be achieved by using Kerberos. I currently have the GSSAPI mechanism running on my OpenLDAP server, but I am not sure how to make MS AD talk to my OpenLDAP server.
Any ideas, suggestions, or hints will be very much appreciated....
Cheers
- Lara -
------------------------------------------------------------------------------------
Life, you see, is never as good or as bad as one thinks - Guy de Maupassant -
------------------------------------------------------------------------------------
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
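
An added example, not part of the original thread: the reply notes that for accounts with a Kerberos name mapping the password stored in AD is ignored, so it is worth knowing which accounts carry one. The mapping is stored in the `altSecurityIdentities` attribute as `Kerberos:principal@REALM`; the script assumes the RSAT ActiveDirectory module, and `$AllowedRealms` is a hypothetical allowlist seeded with the realm from the `ksetup` line.

```powershell
# Added example: audit AD accounts that have an external Kerberos name mapping.
# Assumption: the RSAT ActiveDirectory module is installed and the caller can read user objects.
Import-Module ActiveDirectory

# Hypothetical allowlist; the realm name is the one used in the ksetup command in the thread.
$AllowedRealms = @('MIT.KERBREALM.COM')

function Get-KerberosNameMapping {
    param([string[]]$AllowedRealms)

    # Only accounts with at least one "Kerberos:" entry are returned by the filter.
    Get-ADUser -LDAPFilter '(altSecurityIdentities=Kerberos:*)' -Properties altSecurityIdentities |
        ForEach-Object {
            $user = $_
            foreach ($entry in $user.altSecurityIdentities) {
                # The attribute is multi-valued and may also hold X509: entries; skip those.
                if ($entry -match '^Kerberos:(?<principal>.+)@(?<realm>[^@]+)$') {
                    [pscustomobject]@{
                        SamAccountName = $user.SamAccountName
                        Enabled        = $user.Enabled
                        Principal      = $Matches.principal
                        Realm          = $Matches.realm
                        # Realm names are case-sensitive, so compare with -ccontains.
                        RealmAllowed   = $AllowedRealms -ccontains $Matches.realm
                    }
                }
            }
        }
}

# Mappings to unexpected realms sort first (RealmAllowed = False).
Get-KerberosNameMapping -AllowedRealms $AllowedRealms |
    Sort-Object RealmAllowed, Realm, SamAccountName |
    Format-Table -AutoSize
```

Running `ksetup` with no arguments on a workstation lists the realms and KDCs configured there, which can be compared against the same allowlist.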
