[389-users] Re: Password lookup to AD
Rich Megginson
rmeggins at redhat.com
Mon Jul 13 21:21:28 UTC 2009
Prashanth Sundaram wrote:
> Thanks Nathan.
>
> I found some old threads discussing the same issue.
>
> https://www.redhat.com/archives/fedora-directory-users/2006-November/msg00301.html
>
> Question1: Do I still need PassSync.msi installed on the Win server?
No.
>
> Question2: How does this work exactly? This is what I understand: Any
> user who log on, the query first goes to FDS and then PTA-plugin
> quries the AD.
PAM passthrough works via pam - similarly to how OpenLDAP goes through
saslauthd - so if you have some PAM module that can auth against AD
(except LDAP which probably won't work) you can configure PAM
passthrough to pass the auth to that PAM module, then to AD
>
> Question3: What is exactly AD Chaining? I get the literal meaning
> that, AD is a symlink to the ldap DB on the FDS. I would like to know
> clear distinction between the two. (AD Chaining and Pass-thru)
With chaining, you have _no_ local data in the directory server - all of
the data is pulled from AD. With PAM passthrough, just the _auth_ is
done against AD - you still have to have the local data in the directory
server
>
> I am sorry, if I am repeating any questions. I am new to unix and
> learning on my own.
>
> Thank you so much, your help is greatly appreciated.
>
> Prashanth
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090713/ee500b7f/attachment.bin>
More information about the 389-users
mailing list