lists.arthurdejong.org
RSS feed

Re: [nssldap] wireshark shows successful ldap searches, but no nss or pam stuff works

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: [nssldap] wireshark shows successful ldap searches, but no nss or pam stuff works





Guillaume Rousse wrote:
Douglas E. Engert a écrit :


philoertel wrote:
Thanks for the responses!

See I saw a post somewhere else suggesting there might be a problem with not having uid and gid. But I thought this was a common thing and there must be a way. I definitely don't have uid in AD. If I can get my AD admins to work with me, can I just add random uids (>1000)? I don't really understand why they have to be there for this to work, so I can't figure out if there's a
reasonable workaround.
I don't think you can freely add additional information in AD, tough I'm not an expert. Indeed, mapping information (login <-> uid) does not mandatorily have to be there.

See the Microsoft SFU that does provide for using AD for unix and ldap.
I believe W 2003 has the schema built in.

See these for more info:

http://www.padl.com/Articles/ActiveDirectoryandtheNISL.html

http://technet.microsoft.com/en-us/library/bb463150.aspx


I have users both local and remote because remote doesn't work! But I think this is the normal way right? Because root's always going to be local? And
at any rate it shouldn't cause any problems.
It's fine to have local and remote users, provided they are distinct set of users. Otherwise, you're going into various kind of troubles.

[..]
and also look at Samba.
And more specifically at winbind.



--

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444