On Feb 11, 2008 2:28 PM, Razi Garbie boneybastard@gmail.com wrote:
Hi everyone,
I've spent countless hours trying to figure out how to sync OpenLDAP with my currently running Windows/Active Directory, however... I can't find any information on how this is done.
I'm currently running Windows/AD which authenticates ~20 users, all Windows boxes (obviously); however, all Windows users have accounts on the Linux machines I run, and that makes administrative tasks a bit messy, since I have to make account changes on two different domains.
The ideal setup is to set up an OpenLDAP server that is synced with Windows Active Directory, so that my users can authenticate against the Linux domain using their Windows passwords.
Yes, it can be done. In my setup a user can log in to a Linux machine even though this user does not exist on Linux; it only exists in Windows Active Directory.
I am getting these results. Suppose I have a user, say "bharat". User bharat exists in Windows Active Directory, and on the Linux machine it does not exist.
Now, with a few configuration changes, user bharat can log in to the Linux box though it does not exist on Linux. Linux is getting authentication from Windows Active Directory.
a.) I don't have to create a user account on the Linux machine.
b.) My users in Active Directory can log in to the Linux machine with the same passwords assigned in Windows AD.
c.) Users can change their password from the Linux shell (still testing exactly what I am getting), but it is confirmed that after changing the password from the Linux shell I have the new password working; will let you know more.
I tried this:
1.) On Windows, first installed AD, then SFU (Services for Unix), which adds a Unix attributes tab to the Active Directory user properties.
2.) Added a user in Active Directory.
3.) Changed /etc/ldap.conf so that the Linux machine can bind to AD.
4.) Changed /etc/nsswitch.conf to use LDAP for name lookups.
5.) Changed the PAM configuration.
6.) authconfig settings to enable LDAP.
I am still working on this; I am documenting the exact procedure which I followed, e.g. the file changes.
In the meantime you can visit the following page. It is among many other pages which I followed. http://blog.scottlowe.org/2006/08/08/linux-active-directory-and-windows-serv...
I used RHEL5 and Windows AD, and am working on RHEL4 to reproduce the results.
What OS are you using?
Anuj Singh.
etc. (Linux machines / LDAP clients) -> OpenLDAP <-- SYNC --> Win/AD <- (Windows machines)
That's how I imagine the setup will look.
Has anyone ever done this? Any help is greatly appreciated!
// Thanks, boney
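As an added illustration of steps 3 and 4 in Anuj's reply (this is not configuration from either poster, and it is not taken from the linked blog), here is what the PADL nss_ldap/pam_ldap `/etc/ldap.conf` and the `/etc/nsswitch.conf` entries look like when a RHEL5 box resolves and authenticates AD users that carry SFU 3.x Unix attributes. The domain `example.local`, the controller `dc01.example.local`, the `ldapbind` account and the CA file path are placeholders; the `msSFU30*` attribute names are the ones SFU 3.x adds to the schema (Windows 2003 R2 and later store plain RFC 2307 `uidNumber`/`gidNumber` instead, so those two mappings are dropped there).

```conf
# /etc/ldap.conf (nss_ldap / pam_ldap) -- added example, placeholder names throughout
uri ldaps://dc01.example.local/
ldap_version 3
base dc=example,dc=local

# AD refuses anonymous searches, so a low-privilege read-only account binds for lookups.
# The password lives in world-readable /etc/ldap.conf if put here, so keep it in
# /etc/ldap.secret (mode 600, used via rootbinddn) and give ldapbind no rights beyond read.
binddn cn=ldapbind,cn=Users,dc=example,dc=local
rootbinddn cn=ldapbind,cn=Users,dc=example,dc=local

# TLS is required: pam_password ad rewrites unicodePwd, which AD only accepts over LDAPS,
# and tls_checkpeer stops a spoofed DC from harvesting bind credentials.
ssl on
tls_cacertfile /etc/openldap/cacerts/ad-ca.pem
tls_checkpeer yes
referrals off
timelimit 30
bind_timelimit 30

# Where users and groups live, and how AD object classes map to POSIX ones
nss_base_passwd cn=Users,dc=example,dc=local?sub
nss_base_group  cn=Users,dc=example,dc=local?sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group

# SFU 3.x attribute mappings (assumed schema; use uidNumber/gidNumber directly on 2003 R2+)
nss_map_attribute uid           sAMAccountName
nss_map_attribute uidNumber     msSFU30UidNumber
nss_map_attribute gidNumber     msSFU30GidNumber
nss_map_attribute loginShell    msSFU30LoginShell
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute gecos         name
nss_map_attribute uniqueMember  msSFU30PosixMember

# PAM: log in with the Windows account name, and push password changes back into AD
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad

# /etc/nsswitch.conf -- local files are consulted first, so root and system
# accounts never depend on the directory being reachable
passwd: files ldap
shadow: files ldap
group:  files ldap
```

On RHEL5 the PAM side of this (steps 5 and 6) is normally generated rather than edited by hand, e.g. `authconfig --enableldap --enableldapauth --ldapserver=ldaps://dc01.example.local --ldapbasedn="dc=example,dc=local" --update`. A quick check that the lookup path works before anyone tries to log in is `getent passwd bharat` followed by `id bharat`: the first proves nss_ldap can find the object and map its SFU attributes, the second proves the group mapping resolves too. If `getent` returns nothing, the usual suspects are a missing Unix attributes tab on the user (no `msSFU30UidNumber`), a bind account that cannot read the Users container, or a CA file that does not match the DC's certificate.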