On Friday 17 November 2006 16:42, Ajitabh Pandey wrote: > Hi, > > We have few RHEL servers. For the app support team the authentication is > based on MS-Active Directory. I had build the boxes using the following > line in the kickstart: > > authconfig --enableshadow --enablemd5 --enablekrb5 --krb5realm > DOMAIN.COM --krb5kdc msadc01.domain.com:88,msadc02.domain.com:88 > --krb5adminserver msadc01.domain.com:749 > > Now I just create the same account on linux servers as is there on > active directory. I dont even need to set the password as the > authentication happens with MS-Active Directory. > > Is there a way that we dont even need to create the account on the > server. I have tried doing this successfully using samba and winbind, > but somehow it was getting too complicated in our configuration (cant > remember the exact details now).
nss_ldap is what you need I believe. And install unix schema on active directory. Brief googling will turn it up.. and you don't need pam_krb5 . MIT kerberos has a login replacement that authenticate against a KDC and if network is unreachable, then against local shadow/group/passwd file. I found one reference on google groups where a slacker set his getty using this login program. ;) Shridhar ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ linux-india-help mailing list linux-india-help@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-india-help
