[TriLUG] ldap authentication from Active directory or NTDS

Turnpike Man turnpike420 at yahoo.com
Thu Jan 15 09:31:26 EST 2004


I'm impressed.  Does this make what Roy was doing unnecessary hard work?  It
would seem so.  If anyone publishes the notes they took, I'm excited to see
them!  I'll add it to my www.turnpike420.net/linux2/ area where I save
everything I have learned!

David M.

--- Magnus Hedemark <chrish at trilug.org> wrote:
> This gives you a snap-in to MMC that just adds another tab to your user 
> management window.  So you can assign a UID to the user, home directory, 
> etc. just like any other *NIX system.  User KerberosV for password 
> authentication (which already works while making NO changes to your 
> Windows systems and simply running authconfig on a Red Hat Linux system). 
> You also can assign GID's to AD groups.
> 
> Note that the MS KerberosV implementation is b0rked in that there is no 
> admin server, so you can't change your password from Linux without some 
> sort of extra provisions.
> 
> With MS SFU installed on your AD server you can use NIS for user metadata 
> (which has some security risks... a lot less than pure NIS since SFU isn't 
> publishing password hashes through NIS but it is still exposing a list of 
> user accounts and group memberships).  You can connect to AD via LDAP for 
> better security but its quite a bit more work.
> 
> SFU comes with an NFS server so you can share Windows home directories to 
> Linux users via NFS.  I'm skipping this option and instead building an AFS 
> server for security reasons.
> 
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc


__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus



More information about the TriLUG mailing list