On Thu, 31 May 2001, Aaron Roberts wrote:

> I am both new to this group and to Linux in general.  I am considering
> migrating some of my Windows NT stations to Linux, and I was wondering if
> someone could give me instructions on how to have the Linux stations log
> into Active Directory.  I am assuming that the query is made via LDAP, but I
> need to get more specific.

I'm by no means an expert on this yet, but I've gotten it working in two
ways:
With NT4 I used pam-smb-auth to verify users against the domain. For the
limited use situation, it worked.

Lately I've been working on Kerberos. It more or less works, but in the
end you have the same limitations as pam-smb-auth. (will get to those in a
second.)

This document:
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
describes how to get Windows 2000, *NIX, and Kerberos to play nice.

So far I've only gotten my workstation verifying/changing my AD password
against the Win2K KDC, which requires a machine account for each user on
the workstation.

I don't yet know if you can do much more (with Windows 2000 anyway)
without getting the "UNIX services for Windows" add-on.


| Andrew S. Zbikowski       | Home: 763.591.0977 |
| http://www.ringworld.org  | Work: 763.428.9119 |
| http://www.itouthouse.com | PCS:  612.306.6055 |
|   Sinclair: "No boom?" Garibaldi: "No boom."   |
|     Ivanova: "No boom today. Boom tomorrow.    |
|             Always a boom tomorrow."           |