Yes, Directory Server's winsync maps AD's samAccountName to uid on LDAP-DS, and Unix uses the uid attribute for the login name. It is not necessary to use Kerberos authentication of AD if you sync passwords between AD and DS with winsync.

Carsten

----- Original Message -----
From: Zebee Johnstone <[email protected]>
Date: Friday, 21 January 2011, 2:43
Subject: [389-users] Mapping AD names to unix names
To: "'[email protected]'" <[email protected]>

> I want to, amongst other things, query our Active Directory
> server for passwords. So use 389 as a directory server
> (using NIS scheme and netgroups) with AD passwords.
>
> Problem is... our AD uses usernames of First Last and a kerberos
> principal of first.last. Whereas the unix (linux, AIX,
> HPUX, Solaris) boxes use 8char usernames.
>
> The password sync stuff I've seen isn't very clear. Does
> the AD samAccountName have to be the same as the unix
> username? Or is there somewhere on 389 or on AD where I
> can do a lookup?
>
> This http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html
> seems to say there's a field ntUserDomainId that would do that job, is that
> used in the sync?
>
> Is there any documentation on setting this up?
>
> Zebee
> --
> 389 users mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/389-users
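
Added example, not part of the original thread: since winsync carries samAccountName over to uid and the Unix hosts in the question accept only 8-character logins, this pre-sync audit reads an LDIF export of AD users and lists the samAccountName values that would not work as Unix login names. The function names, the sample entries and the choice of the POSIX portable character set as the second check are assumptions made for illustration.

```python
import base64
import re

# POSIX portable login characters; the 8-character limit is the one from the thread.
PORTABLE = re.compile(r"^[A-Za-z0-9._][A-Za-z0-9._-]*$")

# Constructed sample export; names and DNs are invented for illustration.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
sAMAccountName: aexample

dn: CN=Bob Builder,OU=Staff,DC=example,DC=com
sAMAccountName: bob.builder

dn: CN=Carol Long,OU=Staff,DC=example,
 DC=com
sAMAccountName:: Q2Fyb2wgTG9uZw==
"""

def parse_ldif(text):
    """Yield one {lowercased attribute: [values]} dict per LDIF entry."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 folded lines
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            yield entry

def audit_logins(ldif_text, max_len=8):
    """Return {sAMAccountName: [problems]} for names unusable as Unix logins."""
    findings = {}
    for entry in parse_ldif(ldif_text):
        for name in entry.get("samaccountname", []):
            problems = []
            if len(name) > max_len:
                problems.append(f"longer than {max_len} characters")
            if not PORTABLE.match(name):
                problems.append("characters outside the POSIX portable set")
            if problems:
                findings[name] = problems
    return findings

if __name__ == "__main__":
    print(audit_logins(SAMPLE_LDIF))
```

Accounts it reports need a Unix-compatible samAccountName on the AD side before the sync agreement is enabled, because that value is what arrives in uid.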
