LinuxQuestions.org: Linux - Software: Active Directory vs LDAP
(https://www.linuxquestions.org/questions/linux-software-2/active-directory-vs-ldap-287606/)

Lleb_KCir 02-16-2005 10:10 AM

Quote:

Originally posted by musicman_ace
Congrats. Now that you've went through all that, have you thought of writing a how-to? Possibly the LinuxQuestions Answer?
Agree, I'd be more than interested in seeing how you did it, in a very detailed step-by-step fashion of a HOWTO, including pitfalls and how to avoid them.

alex r 02-16-2005 10:26 PM

Sure! Give me some days for the HOWTO :study:

alex r 02-25-2005 06:49 AM

Ok, I promised a HOWTO. Yet I'm still busy with continuing my project which also includes automounting home directories and more. But to reach what I've reached there's no better HOWTO than this article:

http://www.microsoft.com/technet/its...w/01wsdsu.mspx

It's very detailed and you need some time to go through but it really works!


Write some comments if it worked for you or if you're stuck.

STeeF 02-28-2005 03:29 AM

Quote:

Originally posted by alex r
I had to create a user with permissions to access user data on the AD
I'm facing the same problem Alex r is (or was) facing: I have to integrate Linux workstations into the Active Directory server (Windows 2003). I've not yet successfully authenticated to the LDAP server; I'm getting the message "pam_ldap: error trying to bind (invalid credentials)". I know Alex r had created a special ldapuser, which I also created, but because I'm a complete newbie in Windows Server :) I don't know where to activate the permissions to access user data for the AD. Could somebody give me some hints or tips? Where do I set these permissions?? I thought adding the ldapuser to the Administrator group would be enough :confused:

Could someone also give me some tips for the automounting of home directories?? Can that be done automatically, or do I have to write a login bash script? What is the preferred way? Samba, NFS or NIS?

Many thanks!!

donahoo 03-07-2005 03:53 PM

I just added a new user to Win2k3 without any special settings. Seems to work for the LDAP binding as per the docs provided by Microsoft at

http://www.microsoft.com/technet/its...w/08wsdsu.mspx

This describes the settings for using LDAP (Active Directory) and PAM for Linux/UNIX user authentication via an Active Directory server, with installation of Windows Services for UNIX v3.5.

--
Randy

alex r 03-16-2005 03:52 AM

@STeeF:

I hope the hint from donahoo helped. I didn't check that document, but the Microsoft one I mentioned in an earlier post has a detailed description. Maybe download the PDF, because that's easier to handle. The document describes how to set up a user called 'padl' with minimum rights. If I remember right, you also need to set up a new group, but I'm not sure about that anymore.

Automounting home directories sux hard! It's too much to explain here. Read my post at the Microsoft newsgroup to find out what pain you'll face.

http://groups.google.co.in/groups?hl...orunix.general

The guys are writing about using NIS, but I don't have a clue how that should work. Server for NIS running on your Windows server is not getting recognized, and even if it does, I doubt you'll get useful information from it. Since my goal is to reach maximum compatibility with Linux, users need to have the same home directory no matter which OS they log in with. This means you need to share the top-level folder containing the home directories two times. First, make an NFS share for your UNIX clients. Then make an SMB (normal Windows) share for your Windows clients. Once you get everything to work (it took me quite long, but the posting I mentioned above should help), you need to log in as root and change NFS permissions to chmod 700 (rwx------) manually if you want to keep other users from browsing into foreign home directories. Quite a lot of work if you have many users. Therefore think about a script :D
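The permission cleanup described in the post above (log in as root on the NFS server and chmod 700 every home directory), as an added example script that is not part of the thread. The path /srv/homes is an assumption, and the optional chown relies on getent resolving the user through nsswitch.conf, so it works for LDAP/AD accounts as well as local ones.

```shell
#!/bin/sh
# Added example, not code from the thread. Locks every home directory under a
# shared top-level folder (the NFS export holding the homes) to mode 700 so
# users cannot browse each other's directories, and re-homes each one to the
# account of the same name when that account resolves. Run as root on the NFS
# server. The path /srv/homes below is an assumption.
#
#   lockdown_homes /srv/homes            # apply
#   lockdown_homes /srv/homes --dry-run  # report only

# Echo 1 when the directory is exactly mode 0700, 0 otherwise.
is_locked() {
    if [ -n "$(find "$1" -maxdepth 0 -perm 700 -print 2>/dev/null)" ]; then
        echo 1
    else
        echo 0
    fi
}

# Walk the immediate subdirectories of $1, tighten any that are not 0700, and
# print how many were (or, with --dry-run, would be) changed.
lockdown_homes() {
    root="$1"
    flag="${2:-}"
    count=0
    for dir in "$root"/*/; do
        dir="${dir%/}"
        # An unmatched glob stays literal; symlinks could point outside the export.
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then continue; fi
        if [ "$(is_locked "$dir")" -eq 1 ]; then continue; fi
        user="${dir##*/}"
        if [ "$flag" = "--dry-run" ]; then
            echo "would lock: $dir (user $user)" >&2
        else
            chmod 700 "$dir" || { echo "chmod failed: $dir" >&2; continue; }
            # getent goes through nsswitch.conf, so LDAP/AD users resolve too.
            if getent passwd "$user" >/dev/null 2>&1; then
                chown "$user" "$dir" 2>/dev/null || echo "chown failed: $dir" >&2
            fi
            echo "locked: $dir (user $user)" >&2
        fi
        count=$((count + 1))
    done
    echo "$count"
}
```

Run it once with --dry-run first so the report shows which homes were still readable by group or others before anything is changed.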

Bleunique 11-04-2005 10:27 AM

A FC4 HOWTO in progress...

It doesn't cover everything, but I should cover the Linux portion. Post in that thread if you find errors.

http://www.linuxquestions.org/questi...50#post1907850

easyrider27 11-16-2009 04:52 AM

The answer article

Hello,

In the last post of this article (not mine), someone requested that you write up an answer article; I am just wondering if you did. The whole process doesn't seem that straightforward, and as someone who is new to this, it would be great to see a step-by-step guide.

Regards,
easy

chrism01 11-16-2009 05:49 PM

Post #22 is 4(!) yrs old ... don't hold your breath.

Bleunique 11-18-2009 11:26 AM

Quote:

Originally Posted by chrism01 (Post 3759333)
Post #22 is 4(!) yrs old ... don't hold your breath.

I think he's talking about Post #15, which is pretty stinkin' old, too.

If folks have questions about the way I set it up, I'll answer questions in my thread in post #22 because, imo, it's still relevant.

I'm now using AD's Kerberos for the auth and AD's LDAP for user attribute storage, instead of LDAP auth.

I auth about 200 Linux machines and a few Solaris 10 machines using this mechanism. I have not performed any performance tweaks other than adding "referrals off" in ldap.conf for a multi-site domain. I don't have thousands, or even hundreds of users authenticating, so what works for me may not work for you.

FYI: I've had problems on RHEL involving system message bus not wanting to start on boot if ldap is inaccessible. I actually have to iLO into my machines, boot with single user mode, turn off ldap in nsswitch.conf, boot, then enable it once I get into multi-user mode. There seems to be a patch or a workaround, see: https://bugzilla.redhat.com/show_bug.cgi?id=186527, but I haven't used it as the problem has only occurred once in the last year.

AD auth works phenomenally on Solaris 10 amd64.

easyrider27 11-19-2009 07:21 AM

To be honest..

I'm about to embark on setting up Perforce and TeamCity with LDAP for more efficient account management.

spixx 04-07-2010 04:47 AM

Sorry for yet another old thread bump, but I've been there, done that on the AD part of this: http://b-landia.net/wiki/doku.php/guide:sso
Directly to the configuration part:

http://b-landia.net/wiki/doku.php/gu...#configuration
