yes, it's absolutely possible. on redhat, you can directly configure the basics with the system-config-authentication tool, but to fine tune things you'll be checking /etc/ldap.conf to actually establish the connection to the AD interface. one very useful thing you may want to explore sooner rather than later is the MS SFU (services for unix) AD addon, which goes some way to making AD ldap compliant, as by default there is no formal place to store things like unix home directory, login shell etc... adding these onto AD will make things much simpler on the client side.

one very important point of demarcation to use is the getent tool. the way that you actually log in to a box, amongst other things, is to look up details in an abstracted user list the system provides to the login program etc... you can see this list by running "getent passwd", and it'll look very similar, well, identical by default, to /etc/passwd itself. you need to first get to a stage where, when you run "getent passwd", "getent shadow" and "getent group", you'll get the standard contents of /etc/passwd, /etc/shadow and /etc/group appended with the relevant AD account details too.

once you have got this far then you should be able to log in fine, but note in *my* experience there is really NO way to debug what's going on looking up these records, so if you only get the local text file details spewed back at you, something somewhere isn't right... also make sure you're comfortable with the ldapsearch tool before any of this at all and can comfortably query AD without any client side integration at all.
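The "getent demarcation" check described in the post, written out as a small added script (not from the original post or from any vendor tool). It diffs the names returned by NSS against the local flat file for each database, so you can tell at a glance whether AD entries are actually being merged in; the ldapsearch wrapper and the sAMAccountName filter are assumptions for a typical AD setup, not something the post specifies.

```shell
#!/bin/sh
# Added example: verify NSS merges directory accounts on top of the local files.

# Print account names present in an NSS listing but absent from the local file.
# $1: local file (e.g. /etc/passwd), $2: file holding the output of "getent <db>".
# First field of each colon-separated line is the account/group name.
nss_extra_entries() {
  awk -F: 'FILENAME == ARGV[1] { local[$1] = 1; next }
           !($1 in local) { print $1 }' "$1" "$2"
}

# Return 0 (success) if "getent $1" yields names beyond /etc/$1, 1 otherwise.
# $1: passwd, shadow or group. Reading shadow needs root.
check_db() {
  tmp=$(mktemp) || return 2
  getent "$1" > "$tmp" 2>/dev/null
  n=$(nss_extra_entries "/etc/$1" "$tmp" | wc -l | tr -d ' ')
  rm -f "$tmp"
  [ "$n" -gt 0 ]
}

# Sanity-check AD directly with ldapsearch, independent of any client-side NSS
# integration (assumed server/bind DN/base DN; -W prompts for the bind password).
# $1: AD host, $2: bind DN, $3: search base, $4: sAMAccountName to look up.
ad_ldap_check() {
  ldapsearch -x -H "ldap://$1" -D "$2" -W -b "$3" "(sAMAccountName=$4)" dn
}

# Run the three checks when invoked with --check; each line shows which
# databases are (or are not) returning directory entries beyond the flat files.
if [ "${1:-}" = "--check" ]; then
  for db in passwd shadow group; do
    if check_db "$db"; then
      echo "$db: NSS returns entries beyond /etc/$db (directory lookup working)"
    else
      echo "$db: only /etc/$db contents returned; NSS/LDAP lookup is not active"
    fi
  done
fi
```

Run as `sh nsscheck.sh --check` (as root, so the shadow database is readable); if every line reports only the flat-file contents, the problem is on the NSS/LDAP side, and ad_ldap_check lets you confirm the directory itself answers before touching the client config.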