Andrey,
Thanks for the info. It worked for me. :) Just another question, I want to secure the communication with AD secure. I read that AD is not SSL compatible and supports startTLS. What security mechanism have you used in your systems with AD?
http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&... rect=no
Hi,
You should not verify the users locally (there is a "no_user_check" to add). The authoritative source of validation should be AD/Kerberos. Here is the config that works for us :
auth sufficient /lib/security/pam_krb5.so no_user_check account required /lib/security/pam_krb5.so no_user_check
Prashanth Sundaram wrote:
Andrey,
Thanks for the info. It worked for me. :) Just another question, I want to secure the communication with AD secure. I read that AD is not SSL compatible and supports startTLS.
AD is TLS/SSL compatible and it supports startTLS. Winsync supports both LDAPS and LDAP with startTLS.
What security mechanism have you used in your systems with AD?
http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&... http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&redirect=no
Hi,
You should not verify the users locally (there is a "no_user_check" to add). The authoritative source of validation should be AD/Kerberos. Here is the config that works for us :
auth sufficient /lib/security/pam_krb5.so no_user_check account required /lib/security/pam_krb5.so no_user_check
-- 389 users mailing list 389-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
389-users@lists.fedoraproject.org
-
Prashanth Sundaram -
Rich Megginson