Comments on: Active Directory With nss_ldap And pam_ldap On FreeBSD http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/ cat /dev/random Sat, 04 Jul 2009 08:07:38 -0600 http://wordpress.org/?v=2.9-rare hourly 1 By: Jeremy http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-9749 Jeremy Mon, 01 May 2006 02:17:57 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-9749 There is now a FreeBSD port of <a href="http://www.freshports.org/security/pam_mkhomedir">pam_mkhomedir</a>. There is now a FreeBSD port of pam_mkhomedir.

]]> By: Joseph Scott’s Blog » FreeBSD Users and Groups with Samba (Winbind) and Active Directory http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-2826 Joseph Scott’s Blog » FreeBSD Users and Groups with Samba (Winbind) and Active Directory Tue, 08 Nov 2005 23:57:21 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-2826 [...] One of the most popular posts on this blog is the how to: Active Directory With nss_ldap And pam_ldap On FreeBSD. That was almost a year and half ago and things have changed a bit since then. One of the reasons that I’d recommended using LDAP at the time was because Winbind (part of Samba) was troublesome (at least on FreeBSD) and that there wasn’t an easy way to provide a consistent UID to SID mapping across systems. Since then Winbind seems to be quite stable on FreeBSD and with the idmap_rid option you can easily keep the UID to SID mapping consistent across multiple systems. With the release of FreeBSD 6.0 this month I’m ready to update the steps needed to make FreeBSD use Active Directory (AD) users and groups, this time via Samba (Winbind) instead of LDAP. [...] [...] One of the most popular posts on this blog is the how to: Active Directory With nss_ldap And pam_ldap On FreeBSD. That was almost a year and half ago and things have changed a bit since then. One of the reasons that I’d recommended using LDAP at the time was because Winbind (part of Samba) was troublesome (at least on FreeBSD) and that there wasn’t an easy way to provide a consistent UID to SID mapping across systems. Since then Winbind seems to be quite stable on FreeBSD and with the idmap_rid option you can easily keep the UID to SID mapping consistent across multiple systems. With the release of FreeBSD 6.0 this month I’m ready to update the steps needed to make FreeBSD use Active Directory (AD) users and groups, this time via Samba (Winbind) instead of LDAP. [...]

]]> By: Blog @ jason.jafanet.com » Blog Archive » Authenticating *Nix to Windows Active Directory http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-2098 Blog @ jason.jafanet.com » Blog Archive » Authenticating *Nix to Windows Active Directory Fri, 05 Aug 2005 20:15:35 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-2098 [...] [...] [...] [...]

]]> By: Kevin http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-169 Kevin Wed, 22 Sep 2004 13:09:12 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-169 Information on a patch for the Linux PAM module for use on FreeBSD can be found at http://lists.freebsd.org/pipermail/freebsd-questions/2003-October/021555.html Works fine here (5.2.1-RELEASE) Information on a patch for the Linux PAM module for use on FreeBSD can be found at
http://lists.freebsd.org/pipermail/freebsd-questions/2003-October/021555.html
Works fine here (5.2.1-RELEASE)

]]> By: ramana http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-94 ramana Tue, 07 Sep 2004 02:40:07 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-94 For Linux there is better alternative to creating home directories which it does not assume pam authentication to be used and much more transparent to applications with many more features. see http://www.intraperson.com/autodir.html If there is similar think like autofs kernel module in freeBSD I will come forward to port Autodir to freeBSD. For Linux there is better alternative to creating home directories which it does not assume pam authentication to be used and much more transparent to applications with many more features.

see http://www.intraperson.com/autodir.html

If there is similar think like autofs kernel module in freeBSD I will come forward to port Autodir to freeBSD.

]]> By: ODC http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-39 ODC Fri, 06 Aug 2004 20:26:07 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-39 msSFU30PosixMember seems to be enabled in the AD schema. I'm not sure if BSD allows for upg's (aux groups) but it works for me under linux. 'getent group' gives Boxers:x:10000: to Boxers:x:10001:mtyson,ehollyfield,rbalboa 'id mtyson' gives uid=10000(mtyson) gid=10000 groups=10000,10001(Boxers) Hope that helps. msSFU30PosixMember seems to be enabled in the AD schema.

I’m not sure if BSD allows for upg’s (aux groups) but it works for me under linux.

‘getent group’ gives

Boxers:x:10000:

to

Boxers:x:10001:mtyson,ehollyfield,rbalboa

‘id mtyson’ gives

uid=10000(mtyson) gid=10000 groups=10000,10001(Boxers)

Hope that helps.

]]> By: Joseph Scott http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-37 Joseph Scott Thu, 05 Aug 2004 21:36:38 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-37 Looking at the info for an account via LDAP, I don't see an attribute called msSFU30PosixMember. For that matter I don't see an attribute called posixMember either. Hmmmmm. Looking at the info for an account via LDAP, I don’t see an attribute called msSFU30PosixMember. For that matter I don’t see an attribute called posixMember either. Hmmmmm.

]]> By: ODC http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-35 ODC Thu, 05 Aug 2004 19:22:41 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-35 You should change the line: nss_map_attribute uniquemember posixMember to: nss_map_attribute uniquemember msSFU30PosixMember if you want to have the linux/unix clients get extended group info / unix private groups You should change the line:

nss_map_attribute uniquemember posixMember

to:

nss_map_attribute uniquemember msSFU30PosixMember

if you want to have the linux/unix clients get extended group info / unix private groups

]]> By: chris m http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-20 chris m Fri, 16 Jul 2004 19:34:48 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-20 anyone got this working with Windows 2003? anyone got this working with Windows 2003?

]]> By: The http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/comment-page-1/#comment-10 The Mon, 21 Jun 2004 18:15:08 +0000 http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/#comment-10 <strong>re: Integrating Unix and Windows systems - authentication and authorization via Kerberos and LDAP</strong> re: Integrating Unix and Windows systems – authentication and authorization via Kerberos and LDAP

]]>