Linux using LDAP with Active Directory
OS:
- Windows 2003 Server (AD)
- Fedora Core 1 (OpenLDAP)
Method
- Install MKS AD4Unix on the Windows 2003 AD server
- Install OpenLDAP, NSS_LDAP and PAM_LDAP on Fedora Core 1
Fedora Linux side
[1.] vi /etc/ldap.conf
host 192.168.1.167
base dc=123,dc=com
ldap_version 3
binddn cn=administrator,cn=Users,dc=123,dc=com
bindpw 123456
port 389
scope sub
nss_base_passwd cn=Users,dc=123,dc=com?sub
nss_base_shadow cn=Users,dc=123,dc=com?sub
nss_base_group cn=Group,dc=123,dc=com?sub
# Map the RFC 2307 names nss_ldap expects onto the Active Directory names
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
# nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember member
nss_map_attribute cn sAMAccountName
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad
[2.] authconfig
Test:
ldapsearch -x -D "cn=administrator,cn=Users,dc=123,dc=com" -W "sAMAccountName=del"
[3.] vi /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
[4.] vi /etc/pam.d/login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_warn.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_warn.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_ldap.so
session required /lib/security/pam_unix_session.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional /lib/security/pam_console.so
[5.] vi /etc/pam.d/sshd
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_ldap.so
auth sufficient /lib/security/pam_unix.so use_first_pass likeauth
auth required /lib/security/pam_deny.so
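An added example (not part of the original post): a small Python audit of the /etc/ldap.conf from step 1, flagging the unencrypted bind on port 389, the domain administrator bind DN, and the bind password stored in a file that every NSS client process reads. The `svc-nssldap` account, the finding names and the set of `ssl` values treated as enabling TLS are assumptions of this example.

```python
# Added example: audit an nss_ldap/pam_ldap ldap.conf. Finding names are this example's own.
# Constructed sample: the security-relevant lines of the /etc/ldap.conf in step 1.
AS_PUBLISHED = """\
host 192.168.1.167
base dc=123,dc=com
binddn cn=administrator,cn=Users,dc=123,dc=com
bindpw 123456
port 389
"""
# Constructed variant: 'svc-nssldap' is a hypothetical read-only bind account.
HARDENED = """\
host 192.168.1.167
base dc=123,dc=com
binddn cn=svc-nssldap,cn=Users,dc=123,dc=com
bindpw PLACEHOLDER
ssl start_tls
tls_checkpeer yes
"""

def parse(text):
    """Return {keyword: value}; keywords lower-cased, blank and # lines skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return a sorted list of finding codes for one ldap.conf text."""
    conf = parse(text)
    findings = set()
    # Assumption: these are the values that turn on LDAPS or StartTLS.
    tls = (conf.get("ssl", "").lower() in ("on", "yes", "start_tls")
           or conf.get("uri", "").lower().startswith("ldaps://"))
    if not tls:
        findings.add("cleartext-bind")  # bind DN and password cross the network unencrypted
    elif conf.get("tls_checkpeer", "").lower() != "yes":
        findings.add("server-cert-not-verified")
    if "bindpw" in conf:
        findings.add("bindpw-in-config")  # the file is read by every process doing NSS lookups
    rdn = conf.get("binddn", "").split(",", 1)[0].strip().lower()
    if rdn == "cn=administrator":
        findings.add("privileged-bind-account")  # a leaked password exposes the administrator
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("as published", AS_PUBLISHED), ("hardened", HARDENED)):
        print(name, audit(text))
```

The hardened variant still reports `bindpw-in-config`; a dedicated read-only bind account limits what that stored password can do if it is read.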
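Windows side: install MKS AD4Unix
[1.] Start -> Run -> cmd -> regsvr32 c:\winnt\system32\schmmgmt.dll
(Allow schema updates on the domain controller)
[2.] Start -> Run -> mmc -> Console -> Add/Remove Snap-in -> Add -> Active Directory Schema -> Close -> OK
[3.] Active Directory Schema -> right-click -> Operations Master, check "The schema may be modified on this domain controller"
[4.] Install MKSADPlugins.msi -> Yes to the questions about schema updates -> "YES to update schema"
[5.] Each user's Properties will now have an additional "Unix setting"
[6.] Start -> Programs -> AD4Unix -> MKSADPluginSettings to make the relevant settings
(e.g. change the default user shell to /bin/bash)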
Comments
Excuse me, do you still have the MKSADPlugins.msi file?? I need it urgently. Please send it to my mail, thanks. [email protected]
Sorry, I haven't kept a copy of this file.