LDAP: you cannot use TLS when doing an LDAP bind against an ADS, so you lose encryption there.

Samba route: winbind should provide you with access to ADS group information and mapping to UNIX IDs. AFAIR you need to be able to join the server to the ADS domain, which needs the cooperation of the Windows sysadmin.

The Samba documentation contains all you need for this.

Roelof




John Summerfield wrote:
Michael H. Semcheski wrote:
Hello,

My University uses Active Directory.  I use Linux.

I would like my SL server to use the active directory to determine
which usernames are valid for things like logins.

I'm already using the University's Kerberos infrastructure to verify
passwords, but I have to make sure the user names are in /etc/passwd.
I'd like to not have to add the users to /etc/passwd.

It would be even better if I could get group information from Active
Directory, but I can probably live without it.

Anyone know if this is possible?  Know what needs to go into the
setup, or know of a good howto?


I don't know where Kerberos comes into this, but configuring Linux to authenticate against LDAP should work: standard LDAP enquiries work against AD.

_That_ should be just a matter of running the RH configuration tool.

If you want more than user/password (e.g. home directory) then you will need to ensure AD has the info. Google (and the other links) are likely to provide the information or links to it.
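
The Samba route from the reply at the top of this thread, as an added example that is not part of the original messages: a minimal smb.conf for a winbind domain member, leaving password checks to the existing Kerberos setup. The realm EXAMPLE.EDU, the short domain name EXAMPLE, the ID ranges and the template values are placeholders, and the idmap syntax assumes a current Samba release.

```ini
# /etc/samba/smb.conf (added example; EXAMPLE.EDU and EXAMPLE are placeholders)
[global]
    security = ads
    realm = EXAMPLE.EDU
    workgroup = EXAMPLE

    # Default mapping for BUILTIN and other non-domain accounts.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # Derive UNIX IDs from the AD RID, so nothing has to be added to AD.
    # Keep this range clear of the UIDs/GIDs already used in /etc/passwd.
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999

    # With the rid backend, shell and home directory are set locally.
    template shell = /bin/bash
    template homedir = /home/%U

    # Present users as "alice" rather than "EXAMPLE\alice".
    winbind use default domain = yes

# /etc/nsswitch.conf then needs winbind after the local files:
#   passwd: files winbind
#   group:  files winbind
#
# Join with an account allowed to add machines to the domain, then verify
# that AD users and groups resolve without entries in /etc/passwd:
#   net ads join -U <domain-join-account>
#   getent passwd <ad-username>
#   getent group <ad-group>
```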




