Andrew Findlay wrote (27.04.2015 21:06):
On Mon, Apr 27, 2015 at 06:27:39PM +0000, Ross, Daniel B. wrote:
All of my customers so far have chosen the parallel approach, as it
allows the Unix LDAP to continue working if it loses access to AD.
Ideally this includes installing a module on the AD Domain Controllers
that detects password changes and forwards them immediately to the Unix
LDAP. I have generally used Microsoft's SFU password-capture module for
this as AD admins seem happier to install Microsoft code than things from
other sources. It does have its problems though, and the code quality
of the Unix end that they provide leaves a lot to be desired. I believe
newer AD versions come with an updated version of this built in, but I
have not tested it.
I don't know about AD; I googled around a bit. I found
Management for UNIX: Password Synchronization" as a successor of SFU, is
Is this the thing MS is currently offering:
Using NIS and installing a PAM module on every machine!?