01-21-2011, 12:43 AM
Zebee Johnstone

Mapping AD names to unix names

I want to, amongst other things, query our Active Directory server for passwords. So use 389 as a directory server (using NIS scheme and netgroups) with AD passwords.

Problem is... our AD uses usernames of First Last and a Kerberos principal of first.last. Whereas the unix (linux, AIX, HPUX, Solaris) boxes use 8char usernames.

The password sync stuff I've seen isn't very clear. Does the AD samAccountName have to be the same as the unix username? Or is there somewhere on 389 or on AD where I can do a lookup?

This http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html seems to say there's a field ntUserDomainId that would do that job, is that used in the sync?

Is there any documentation on setting this up?

Zebee
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
01-21-2011, 07:49 AM
Carsten Grzemba

Mapping AD names to unix names

Yes, Directory Server's winsync maps AD's samAccountName to uid on LDAP-DS, and Unix uses the uid attribute for the login name. It is not necessary to use Kerberos authentication of AD if you sync passwords between AD and DS with winsync.

Carsten
----- Original Message -----
From: Zebee Johnstone <Zebee.Johnstone@optus.com.au>
Date: Friday, 21 January 2011, 2:43
Subject: [389-users] Mapping AD names to unix names
To: "'389-users@lists.fedoraproject.org'" <389-users@lists.fedoraproject.org>

> I want to, amongst other things, query our Active Directory
> server for passwords. So use 389 as a directory server
> (using NIS scheme and netgroups) with AD passwords.
>
> Problem is... our AD uses usernames of First Last and a Kerberos
> principal of first.last. Whereas the unix (linux, AIX,
> HPUX, Solaris) boxes use 8char usernames.
>
> The password sync stuff I've seen isn't very clear. Does
> the AD samAccountName have to be the same as the unix
> username? Or is there somewhere on 389 or on AD where I
> can do a lookup?
>
> This http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html seems to say there's a field ntUserDomainId that would do that job, is that used in the sync?
>
> Is there any documentation on setting this up?
>
> Zebee
 
01-28-2011, 01:10 AM
brandon

Mapping AD names to unix names

I use long 8+ usernames in the common first.last in Redhat and Solaris
with no problem, it works just fine (I have done this for ~8 years
now). The only issue I've ever seen is 'top' and 'ps' don't like it, so
you see the UID# instead of the username.

-Brandon


On 01/20/2011 06:43 PM, Zebee Johnstone wrote:
> I want to, amongst other things, query our Active Directory server for passwords. So use 389 as a directory server (using NIS scheme and netgroups) with AD passwords.
>
> Problem is... our AD uses usernames of First Last and a Kerberos principal of first.last. Whereas the unix (linux, AIX, HPUX, Solaris) boxes use 8char usernames.
>
> The password sync stuff I've seen isn't very clear. Does the AD samAccountName have to be the same as the unix username? Or is there somewhere on 389 or on AD where I can do a lookup?
>
> This http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html seems to say there's a field ntUserDomainId that would do that job, is that used in the sync?
>
> Is there any documentation on setting this up?
>
> Zebee
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
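
Added example, not part of the thread and not 389 or Red Hat code: a pre-sync audit of exported AD account names, based on the replies above that winsync maps samAccountName to uid and that names longer than 8 characters behave differently across tools. The function name, the portable-name pattern, the assumption that the value is copied into uid unchanged, and the sample accounts are all constructed for illustration.

```python
import re
from collections import defaultdict

# Conservative portable login-name pattern. This is an assumption of the
# sketch; individual platforms accept more, as the last reply notes.
PORTABLE = re.compile(r"^[a-z_][a-z0-9_.-]*$")


def audit(ad_accounts, unix_owners, max_len=8):
    """Return {sAMAccountName: [findings]} for names that need attention.

    ad_accounts: list of (sAMAccountName, person) tuples exported from AD.
    unix_owners: {existing unix login: person} taken from the current maps.
    """
    findings = defaultdict(list)
    for sam, person in ad_accounts:
        # Assumption: the synced uid equals samAccountName unchanged.
        uid = sam
        if len(uid) > max_len:
            findings[sam].append("longer than %d chars" % max_len)
        if not PORTABLE.match(uid):
            findings[sam].append("not a portable login name")
        # The same login already used by someone else means the synced
        # password would open a different person's unix account.
        owner = unix_owners.get(uid)
        if owner is not None and owner != person:
            findings[sam].append("uid already belongs to " + owner)
    return dict(findings)


# Constructed sample data, not taken from the thread.
SAMPLE_AD = [
    ("jsmith", "John Smith"),
    ("first.last", "First Last"),
    ("Mary Jones", "Mary Jones"),
    ("ops", "Olga Petrova"),
]
SAMPLE_UNIX = {"jsmith": "John Smith", "ops": "Oscar Pike"}

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_AD, SAMPLE_UNIX).items():
        print(name, "->", "; ".join(issues))
```

Accounts flagged only for length may still be acceptable on platforms that handle long names; a uid that already belongs to a different person should be resolved before passwords are synced.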
 
