Yes, Directory Server's winsync maps AD's samAccountName to uid on LDAP-DS, and Unix
uses the uid attribute for the login name. It is not necessary to use Kerberos authentication
of AD if you sync passwords between AD and DS with winsync.
Carsten
----- Original Message -----
From: Zebee Johnstone <Zebee.Johnstone(a)optus.com.au>
Date: Friday, January 21, 2011, 2:43
Subject: [389-users] Mapping AD names to unix names
To: "'389-users(a)lists.fedoraproject.org'" <389-users(a)lists.fedoraproject.org>
I want to, amongst other things, query our Active Directory
server for passwords. So use 389 as a directory server
(using NIS scheme and netgroups) with AD passwords.
Problem is... our AD uses usernames of First Last and a Kerberos
principal of first.last, whereas the unix (linux, AIX,
HPUX, Solaris) boxes use 8char usernames.
The password sync stuff I've seen isn't very clear. Does
the AD samAccountName have to be the same as the unix
username? Or is there somewhere on 389 or on AD where I
can do a lookup?
This
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html
seems to say there's a field ntUserDomainId that would do that job, is that used in
the sync?
Is there any documentation on setting this up?
Zebee