Shannon,
thanks for your very detailed and straightforward HOWTO Article. I've been using NIS on the UNIX side to authenticate Windows/AD users, with SFU 3.5 on our domain controllers. Now our domain admins are trying to convince me to drop NIS altogether in favor of PAM/LDAP. They claim that this should be very easy and straightforward, but no luck so far.
One of their claims is that pam_ldap should be all that's necessary; no Kerberos, Samba or Winbind involved. However, so far all of the instructions I have been able to find on this topic require at least two out of those three. But still the domain admin who is trying to help me to get this working insists that these should only be necessary when Windows shares need to be mounted from Linux, which is not the case in our environment. All Linux users have a home directory on an NFS share; what I need is just a replacement for NIS to get users authenticated and have their uids and gids resolved against AD.
Our environment:
Linux machines running SLES10, AD domain using W2003 domain controllers, SFU 3.5 schema extensions in place.
Any idea of how to get this running using just plain LDAP?
Regards, Richard