This is a discussion on Unix/Linux to AD authentication - SMB
I've been reading *a lot* lately on authenticating Unix/Linux users to
Active Directory. But I'm still a little unclear on a few things....

1st, if using winbind, and all I want to do is not have to manually
create users on the *nix box, do I need to configure ldap in "client"
mode on the *nix box? Or does winbind take care of looking up the
user/password info without needing ldap info?

2nd, is it possible to have *only* users in a specified AD group be
granted shell access, and therefore be authenticated? I.e., I don't want
*all* valid users in our domain to be granted access, I want to be able
to say that only users in AD group X can log in via the shell...

Finally, does using winbind require that the application/daemon
support, or be compiled to support, PAM? Some of our machines are AIX,
and PAM support isn't standard until 5.2, and has only recently been
back-ported to 5.1... We have 5.1, but also 4.3.3.

Or is there a good source of information on AIX's LAM?

I've read, and re-read, all the information I've been able to find on
winbind, and am still a bit unclear on these things.

Thanks for any info or pointers...
--
- Matt -