[olug] local groups and Active Directory
Dave Thacker
dthacker9 at cox.net
Tue Feb 13 00:13:04 UTC 2007
On Monday 12 February 2007 17:33, Rob Townley wrote:
> On 12/28/06, Phil Brutsche <phil at brutsche.us> wrote:
> > The LDAP NSS module will only work if you're using Microsoft's Services
> > for UNIX on your domain controller(s) to provide the RFC2307 schema that
> > the LDAP NSS module expects.
> >
> > You need to set it up to use the winbind NSS module like so:
> >
> > passwd: compat winbind
> > group: compat winbind
> > shadow: compat
> >
> > hosts: files dns
> > networks: files
> >
> > protocols: db files
> > services: db files
> > ethers: db files
> > rpc: db files
> >
> > netgroup: nis
> >
> > Your AD users and groups will then be available on your Linux machine.
> > You can verify their existence with "getent group" and "getent passwd".
> >
> > You also need to have winbindd running.
> >
> > Adam Lassek wrote:
> > > OK, I see how it works. This is what Daniel was getting at, I just
> > > wasn't following. Thanks for your help.
> >
(sig snipped.....)
>
> This is one of those projects I have been considering, but didn't do it
> because I thought it more secure to have two different sets of passwords.
> But now I want to do it.
>
> Assuming the MS AD is not going anywhere, do you absolutely have to use
> Microsoft's Services for Unix? Really?
>
> If a Linux-based LDAP server syncs with MS AD, and the Linux workstation
> authenticates with the Linux LDAP server, would you still have to have MS
> Services for Unix?
I'm working towards the same goal. I think the issue is that LDAP can't sync
with MS-AD unless AD's schema is extended. That's the RFC 2307 info
referred to above.
Dave Thacker
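An added illustration of the RFC 2307 point raised in this thread (example code, not from any poster): the LDAP NSS module synthesizes passwd(5) entries from posixAccount attributes, which a stock Active Directory user object does not carry until the schema is extended by Services for UNIX. The sample entries, names and numeric IDs below are constructed; the SID is a placeholder.

```python
# Added example (not from the thread): why nss_ldap needs the RFC 2307
# schema that Services for UNIX adds to Active Directory.

# Attributes nss_ldap needs to build one passwd(5) line (RFC 2307 posixAccount).
RFC2307_PASSWD_ATTRS = ("uid", "uidNumber", "gidNumber", "homeDirectory", "loginShell")


def rfc2307_missing(entry):
    """Return the RFC 2307 attributes absent from an LDAP entry (dict of attr -> value)."""
    return [a for a in RFC2307_PASSWD_ATTRS if a not in entry]


def to_passwd_line(entry):
    """Render the passwd(5) line nss_ldap would return, or None if the entry is unusable."""
    if rfc2307_missing(entry):
        return None
    gecos = entry.get("gecos", entry.get("cn", ""))
    return "%s:x:%s:%s:%s:%s:%s" % (
        entry["uid"], entry["uidNumber"], entry["gidNumber"],
        gecos, entry["homeDirectory"], entry["loginShell"])


# Constructed sample: a stock AD user object, before any schema extension.
# It has Windows identity attributes (sAMAccountName, objectSid) but no POSIX ones,
# so "getent passwd" via nss_ldap finds nothing for it.
PLAIN_AD_USER = {
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "sAMAccountName": "alassek",
    "cn": "Adam Lassek",
    "objectSid": "S-1-5-21-0-0-0-1104",  # placeholder SID, constructed for the example
}

# Constructed sample: the same user after SFU's posixAccount attributes were populated.
SFU_AD_USER = dict(PLAIN_AD_USER, **{
    "objectClass": PLAIN_AD_USER["objectClass"] + ["posixAccount"],
    "uid": "alassek",
    "uidNumber": "10001",
    "gidNumber": "10000",
    "homeDirectory": "/home/alassek",
    "loginShell": "/bin/bash",
})

if __name__ == "__main__":
    for label, entry in (("plain AD", PLAIN_AD_USER), ("AD + SFU", SFU_AD_USER)):
        print(label, "missing:", rfc2307_missing(entry), "->", to_passwd_line(entry))
```

Winbind sidesteps this by mapping objectSid to a local uid/gid itself, which is why the nsswitch.conf above works without the schema extension.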