On Tue, Dec 30, 2008 at 6:32 PM, <[email protected]> wrote:
> My goal is limited:
>
> I want to allow Unix (Linux) users to login to the Linux (Unix)
> servers with their AD password. SSO is not a goal--existing login
> mechanisms (ssh, primarily) will continue, and credentials or domain
> membership on the user's desktop machine are irrelevant.
[...]
> The interaction with AD would be solely as a source of authentication data.
> Users would be "authorized" to login to a *nix server by virtue of having a
> local /etc/passwd (or NIS passwd map) entry, not by their AD membership or
> attributes.
>
> My current plan is to configure the servers with Samba as domain clients (not
> PDC or BDCs), and use the NSS and LDAP (the PADL tools?) and PAM to issue
> authentication queries against the LD.
>
> That looks so nice when I put it in print, but does this explanation make
> any sense?
>
> Does anyone have any suggested configurations?

There used to be a small piece of SFU which allowed password synchronization towards UNIX (or both ways possibly). I've always hacked the source on the UNIX side to make it behave a bit better, but it's a nice/simple setup: daemon on the DC and on the NIS master.

Of course, that's only useful as long as SSO isn't your goal :-)

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
