It is recommended to an Active Directory enabled DNS server, this will ensure that the LDAP lookups and Kerberos authentication will work properly. Also, provide a user account dedicated for the LDAP authentication.
1. Click System, select Administration and click Authentication. This will launch the Authentication Configuration window.
2. Check Enable LDAP Support and click the Configure LDAP button.
3. Fill in the LDAP Search Base DN and LDAP Server fields. Click Ok when you are done.
4. Click the Options tab and check Local authorization is sufficient for local users and Create home directories on the first login. Click Ok when you are done.
4. Edit the file /etc/ldap.conf and add the following lines below. binddn user account
bindpw password for binddn
nss_map_objectclass posixAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute homeDirectory unixHomeDirectory
If you are using Services for Unix 3.5, remove the homeDirectory mapping above and add the lines below.
nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
If you are not using an Active Directory enabled DNS server, you need to add the line referrals no to make this work.
5. Type in getent passwd in a terminal window. You should see your Active Directory user accounts.
6. Type in getent group in a terminal window. You should see your Active Directory groups.
0 comments:
Post a Comment