[Date Prev][Date Next]
RE: Win2k Authorization
I just spent time figuring this out.
My authentication method involves binding anonymously and looking up the
user's DN by doing a search through all users for the entry containing the
attribute the user supplied for ID. In ADS, "userPrincipalName" fits the
bill here, though you could use any attribute that uniquely identifies the
user. So I get the user's DN, then use that DN to bind again along with the
PW. Success or failure of that bind is authentication.
By default, ADS is configured to NOT allow anonymous binding. You have to
change some security settings in ADS to get this to work. The following
works, but might be overkill:
Allow EVERYONE the following rights:
over all items in the directory.
Hope this helps,
From: Daniel Curry [mailto:firstname.lastname@example.org]
Sent: Friday, September 28, 2001 2:54 PM
To: Openldap-Software (E-mail)
Subject: Win2k Authorization
How can I get users on Linux workstations to authenticate against a
Win2k Active Directory?
625 Second Street
San Francisco, CA 94107