I wondered once or twice if people united their Linux machine to authenticate against an existing Active Directory. Today I had the chance to do it for a client. First we tried the old-fashioned way: install SFU (Services for Unix) on the 2000/2003 machine, and bind to it with LDAP. This proved to be a trial-and-error process, sadly enough; most of the time we could not ever see the logs indicate that PAM was even logging into the LDAP.
We quickly ditched it for winbind, a daemon bundled with Samba. The Red Hat RHEL workstation (and apparently Fedoras since at least RH9) comes with a script called authconfig that takes care of editing your smb.conf, your nsswitch.conf and PAM's system-auth files, and helps you join the domain almost automatically (needs Kerberos). It was a bit confusing to discover one can authenticate only some 50-60 seconds after winbindd fires up, but we did manage to get to the AD and authenticate users. At last we could not log in with them though, since winbindd kept complaining about not being able to translate the users' SIDs to the local UIDs, but that too was solved with a reboot (Tomer Perry suggested it was a restart of nscd that released that final hurdle; I did not go back to figure it out for sure).

I hope this helps people out there, enjoy :)

--
Unproved theory
Ira Abramov
http://ira.abramov.org/email/
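A sanity check for the three files the post says authconfig edits, as an added example that is not part of the original message. The paths are the usual Red Hat locations and are assumed here; the function names, the root-prefix argument and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): confirm winbind is wired into
# smb.conf, nsswitch.conf and PAM's system-auth. The root prefix argument is
# hypothetical, so a copy of /etc can be checked instead of the live system.

# Print a file without comment lines (# or ;) and blank lines.
active_lines() { grep -Ev '^[[:space:]]*([#;]|$)' "$1" 2>/dev/null; }

# Return the number of failed checks (0 means every check passed).
check_winbind_config() {
    root=${1:-}; fails=0

    # smb.conf: Kerberos-based AD membership uses "security = ads".
    active_lines "$root/etc/samba/smb.conf" |
        grep -Eiq '^[[:space:]]*security[[:space:]]*=[[:space:]]*ads[[:space:]]*$' ||
        { echo "FAIL smb.conf: security = ads not set"; fails=$((fails + 1)); }

    # nsswitch.conf: passwd and group must list winbind so domain accounts resolve via NSS.
    for db in passwd group; do
        active_lines "$root/etc/nsswitch.conf" |
            grep -Eq "^[[:space:]]*$db:.*[[:space:]]winbind([[:space:]]|\$)" ||
            { echo "FAIL nsswitch.conf: $db lacks winbind"; fails=$((fails + 1)); }
    done

    # system-auth: an auth line must load pam_winbind.so.
    active_lines "$root/etc/pam.d/system-auth" |
        grep -Eq '^[[:space:]]*auth[[:space:]].*pam_winbind\.so' ||
        { echo "FAIL system-auth: no auth line for pam_winbind.so"; fails=$((fails + 1)); }

    return "$fails"
}

# Constructed sample tree (not from the post) so the check runs offline.
make_sample() {
    mkdir -p "$1/etc/samba" "$1/etc/pam.d"
    printf '[global]\n   workgroup = EXAMPLE\n   security = ads\n' > "$1/etc/samba/smb.conf"
    printf 'passwd: files winbind\ngroup:  files winbind\n' > "$1/etc/nsswitch.conf"
    printf 'auth sufficient pam_unix.so\nauth sufficient pam_winbind.so use_first_pass\n' \
        > "$1/etc/pam.d/system-auth"
}

demo=$(mktemp -d) && make_sample "$demo"
check_winbind_config "$demo" && echo "sample tree: all checks passed"
rm -rf "$demo"
```

Calling `check_winbind_config ""` checks the live `/etc` instead of the sample tree.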