[olug] local groups and Active Directory

Rob Townley rob.townley at gmail.com
Mon Feb 12 23:33:28 UTC 2007

On 12/28/06, Phil Brutsche <phil at brutsche.us> wrote:
> The LDAP NSS module will only work if you're using Microsoft's Services
> for UNIX on your domain controller(s) to provide the RFC2307 schema that
> the LDAP NSS module expects.
> You need to set it up to use the winbind NSS module like so:
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat
> hosts:          files dns
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> netgroup:       nis
> Your AD users and groups will then be available on your Linux machine.
> You can verify their existence with "getent group" and "getent passwd".
> You also need to have winbindd running.
> Adam Lassek wrote:
> > OK, I see how it works. This is what Daniel was getting at, I just
> > wasn't following. Thanks for your help.
> --
> Phil Brutsche
> phil at brutsche.us
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug

This is one those projects i have been considering, but didn't do it because
i  thought it more secure to have two different sets of passwords.  But now
i want to do it.

Assuming the MS AD is not going anywhere, do you absolutely have to use
Microsoft's Services for Unix?  Really?

If a Linux based LDAP server syncs with MS AD.  Then the Linux workstation
authenticates with the Linux LDAP server, would you still have to have MS
Services for Unix?

More information about the OLUG mailing list