On Wednesday, January 7, 2004, at 02:46 PM, [EMAIL PROTECTED] wrote:
I have a small network running active directory with a RH9 server running Samba,apache/mysql..
And a MUA that is sending uglified HTML email. Please fix that.
I would like samba to pull a useraccounts from Active Directory to authenticate users for access to fileshares..� Does anyone have easy instructions on using PAM to set this up?
I'm in the middle of doing something like this now at $WORK. The gist of it is that Active Directory does not have the right schema to handle *NIX users, and must be extended. For <$100 MSRP you can get MS Services For UNIX (SFU). This will, among other things, extend you schema and give you MMC snap-ins to manage *NIX user attributes on the same objects as Windows users. That's step one.
Now how to pull that data out of Active Directory once it's in? You could use LDAP, true. Or you could be lazy and use NIS. The passwords are in Kerberos so NIS isn't nearly as bad as it normally would be.
You can set up Linux to auth against Kerberos with no mods to your Windoze box. Just run authconfig on your RH box and on the second screen tell it to auth against your AD server. Caveat: The MS implementation of Kerberos is incomplete and you won't have an Admin Server. You'll have to sort out some other method for users to change their passwords. If you're only running Linux on the file server, this shouldn't be a concern. I've got Linux desktops where it becomes more of an issue.
Once you've got all the right fields filled out in authconfig, PAM will take over. Nothing special to do in Samba then as the AD users will be able to mount Samba shares as easily as local users.
--
C. Magnus Hedemark
http://trilug.org/~chrish
"The only way to keep your health is to eat what you don't want, drink what you don't like, and do what you'd rather not." - Mark Twain
PGP.sig
Description: PGP signature
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
