[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and Active Directory

Subject: Re: LDAP and Active Directory
From: Andreas Duecker <a.duecker@q-bus.de>
Date: Fri, 20 Jul 2001 18:39:46 +0200
Cc: openldap-software@OpenLDAP.org
Organization: q~bus Mediatektur GmbH
References: <NFBBJEHBCKCNNDNHBBFFGEBJCAAA.kris.ozzy@lineone.net> <0107191906160K.01506@europa.arcticbears.com>

I´m not ready with it but as far as i know there are several steps to
integrate Unix into Active Directory
I' m not a Windows freak but:

Active Directory uses kerberos Authentication to it's Clients
Active Directory lacks of the inetpersonorg schema
Active directory lacks of the NIS schema

So Authentication like LDAP, sLDAP is not working.

NIS schema:
(For compatibility Mode)

Install the MS NIS Server for Unix from the windows 2000 ressource kit
on a domain controller. The domain (top) schema is automatically updated
with the NIS scheme. It works in NIS mode with Linux. It works not with
IRIX. Tested !!

After updating the scheme you can try to authenticate against AD
so forget MS NIS Server (no extra licences) but not the NIS scheme.

Then autenticate against active directory. It should work with a
"pam_krb" PAM Modul, where ever it is.


http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
&
White Paper: Windows 2000 Kerberos Interoperabilty: YES Linux is
mentioned there !!

If someone succeeds write a HOWTO !

Andreas

References:
- LDAP and Active Directory
  - From: "Kristyan Osborne" <kris.ozzy@lineone.net>
- Re: LDAP and Active Directory
  - From: Eric Paynter <eric@arcticbears.com>

Prev by Date: Re: autofs and OpenLDAP integration
Next by Date: RE: timeout for ldap_unbind()
Index(es):
- Chronological
- Thread