Re: [389-users] Mapping AD names to unix names


Yes, Directory Server's winsync maps AD's samAccountName to uid on LDAP-DS, and Unix uses the uid attribute for the login name. It is not necessary to use Kerberos authentication of AD if you sync passwords between AD and DS with winsync.

----- Original Message -----
From: Zebee Johnstone <Zebee.Johnstone@xxxxxxxxxxxx>
Date: Friday, 21 January 2011, 2:43
Subject: [389-users] Mapping AD names to unix names
To: "'389-users@xxxxxxxxxxxxxxxxxxxxxxx'" <389-users@xxxxxxxxxxxxxxxxxxxxxxx>

> I want to, amongst other things, query our Active Directory
> server for passwords.  So use 389 as a directory server
> (using NIS scheme and netgroups) with AD passwords.
> Problem is... our AD uses usernames of First Last and a kerberos
> principal of first.last.  Whereas the unix (linux, AIX,
> HPUX, Solaris) boxes use 8char usernames.
> The password sync stuff I've seen isn't very clear.  Does 
> the AD samAccountName have to be the same as the unix 
> username?  Or is there somewhere on 389 or on AD where I 
> can do a lookup?
> This
> US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html seems to say there's a field ntUserDomainId that would do that job, is that used in the sync?
> Is there any documentation on setting this up?
> Zebee
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
fn:Carsten Grzemba
tel;cell:+49 171 9749479
tel;work:+49 3677 6474-0
org:contac Datentechnik GmbH
adr:;;Auf dem Steine 1;Ilmenau;;98693;
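
Since the reply above says winsync carries samAccountName into uid and Unix logs in with uid, a pre-sync audit of the AD names is useful. The following is an added example, not part of the original message or of 389 Directory Server. The entry layout, the reserved-name list and the sample accounts are assumptions constructed for illustration.

```python
import re

MAX_LEN = 8  # username limit the thread gives for the Unix hosts

# POSIX portable login names: letters, digits, '.', '_', '-', no leading '-'.
PORTABLE = re.compile(r"^[A-Za-z0-9._][A-Za-z0-9._-]*$")

# Assumption: local system accounts that a synced uid must never shadow.
RESERVED = {"root", "bin", "daemon", "adm", "lp", "sys", "nobody"}


def audit_sam_names(entries):
    """Return {samAccountName: [problems]} for names unsafe to use as a Unix uid."""
    report = {}
    for entry in entries:
        sam = entry["samAccountName"]
        problems = []
        if len(sam) > MAX_LEN:
            problems.append("longer than %d characters" % MAX_LEN)
        if not PORTABLE.match(sam):
            problems.append("outside the POSIX portable character set")
        if sam.lower() in RESERVED:
            problems.append("shadows a local system account")
        if problems:
            report[sam] = problems
    return report


# Constructed sample entries, shaped like results of an AD search.
SAMPLE = [
    {"samAccountName": "jdoe"},           # fits the Unix hosts
    {"samAccountName": "first.last"},     # principal-style name, 10 characters
    {"samAccountName": "Jane Doe"},       # display-name style, contains a space
    {"samAccountName": "root"},           # would map onto the local superuser
    {"samAccountName": "Administrator"},  # 13 characters
]

if __name__ == "__main__":
    for name, problems in audit_sam_names(SAMPLE).items():
        print("%-15s %s" % (name, "; ".join(problems)))
```

Names flagged here need to be fixed in AD, or the account excluded from the synced subtree, before the sync agreement is enabled.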