Thread: Howto: Sled 10 Auth To Windows Server 2003 R2 Ad
View Single Post
  #22 (permalink)  
Old 11-Apr-2007, 18:16
Shannon VanWagner
Guest
  
Posts: n/a
Default
Ghys,

Easter was great!! Thanks! Did a bit of snow skiing on Saturday too, so that was fun.

As for the winbind error concerning "guests", that may be related to the "usershare allow guests = no" directive in the /etc/smb.conf. Try using the command "testparm" to test your smb.conf file and show any related errors.

As for the /etc/ldap.conf file, please disregard my previuos posting as that configuration is specific to Windows Server 2003 R2 version. Sorry for the misdirection on that.

I really haven't tested this whole thing on plain vanilla Server 2003 (non-R2) version so if I get a chance to do that I'll let you know what I come up with. The major difference that I know of for 2003 vs. 2003 R2 is that with R2 the AD schema has the Unix Attributes built-in to the AD schema, whereas the plain 2003 version needs Services For Unix to be installed to extend the schema. So this is why the ldap.conf mappings will be different. I'll do some looking around to see what I can come up with in terms of how to map to Server 2003 non-R2 and post what I find.

The search term I'm using on the Internet is "ldap.conf for SFU".

Example ldap.conf for Windows Server 2003 with SFU (untested by me at this time):
#########
#/etc/ldap.conf for connection with SFU
#########
host 10.10.10.5 #ip addr of Windows Server 2003
base cn=Users,dc=coolcompany,dc=com
binddn cn=cool-ldap-user,cn=Users, dc=coolcompany,dc=com
bindpw somepassword
scope sub
ssl no
nss_base_passwd cn=Users,dc=coolcompany,dc=com?sub
nss_base_shadow cn=Users,dc=coolcompany,dc=com?sub
nss_base_group cn=Users,dc=coolcompany,dc=com?sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember msSFU30PosixMember
nss_map_attribute cn cn
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_member_attribute msSFU30PosixMember
pam_groupdn cn=unixusergroup,dc=lanrx,dc=com
pam_password ad


Checkout this link for more information:
http://enterprise.linux.com/print.pl.../12/09/2318244

Happy LDAPing

Shannon