The "U" Word

Making Windows safe for Unix people since 1995

Integrating Unix and Windows systems - authentication and authorization via Kerberos and LDAP

While cruising the blogosphere to see who was saying what about the newly-released Services For Unix 3.5, I tripped across this post by Joseph Scott. It looks like one of his primary interests is setting up his FreeBSD system to pull Unix directory information out of AD.

This is good news to me, since my team has been really hard at work building a “patterns & practices” guide that tells you, step by step, exactly how to configure a Unix or Linux system to:

  • authenticate via Windows Kerberos (single sign-on for real!) using MIT 1.3.1 or Heimdal Kerberos and a PAM module
  • use nss_ldap and pam_ldap to get authorization data (uid/gid and other user and group information) from AD whose schema has been extended either with the SFU 3.0/3.5 schema or with RFC 2307.

It also shows you exactly what you have to do on your DCs to make all this work right.

We burned a lot of midnight oil over the last two weeks to get the guide whipped into shape. We're gonna ship it by the end of the month, and it should be available for free download from TechNet before Feb 1.

It's not perfect, but we don't want to make people wait for it now that SFU 3.5 is out. This may be another case of “Microsoft gets it right after release”, but I'd rather folks see it sooner. If we made the wrong call, I hope people tell me. Heck, if we made the right call, I hope they tell me.

Published Saturday, January 17, 2004 1:53 AM by jdzions

Comments

 

Jeffmo said:

Has this article been posted yet on TechNet? If so, what is the link to it?
February 3, 2004 2:28 PM
 

jdzions said:

March 29, 2004 12:48 PM
 

Joseph Scott said:

I finally got around to writing up a howto on making nss_ldap and pam_ldap on FreeBSD work with Active Directory and SFU 3.5.

http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/
June 21, 2004 11:05 AM
 

Joseph Scott said:

What I wouldn't give to be able to edit my own comments :-) I missed a quote at the end of that link, so here it is again:

nss_ldap and pam_ldap on FreeBSD with Active Directory and SFU 3.5: http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/
June 21, 2004 11:07 AM
 

jdzions said:

June 21, 2004 11:15 AM
 

Maurice Flanagan said:

Thank god for blogs - this is exactly what I was looking for!
July 27, 2004 3:27 PM
 

Mohammed Ghanawi said:

MSFU NFS is very slow, and I wish it used the RFC2307 schema, it would surely make life easier in terms of integration.

August 7, 2004 3:43 PM