[CentOS] Help with authenticating against Active Directory.

Jeff Larsen jlar310 at gmail.com
Fri Feb 1 15:57:46 UTC 2008


On Feb 1, 2008 9:38 AM, Michael Semcheski <mhsemcheski at gmail.com> wrote:
> So is it possible to use nss_ldap with MS-AD if the Services for Unix
> are not installed?  Or do you still have to resort to "/etc/password
> monkey business"?  (I'm all for eliminating the monkey business, but I
> don't think my AD is going to get SFU.)

You can use nss_ldap with a 2003R2 DC when the additional software
component (built in to R2, see my other post) is installed. You
cannot use nss_ldap with a pre-R2 DC without SFU. SFU modifies the AD
schema to create new fields for UNIX attributes, most important of
which is a password field compatible with UNIX crypt. In the case of
R2, your schema will be modified in a similar fashion.

WARNING: If you have multiple DCs, R2 and SFU are not compatible out
of the box. They use different AD schema modifications. We had to
track down hotfixes and DLLs to get our mixed environment working. It
was not fun, but we eventually got it all squared away.

--
Jeff


