Dear Mr Monkey, Please pardon a mild thread diversion. But on Tue, 13 Sep 2005 04:38 am, Marlier, Ian teased:
One recommendation: start by building a machine by hand, and get LDAP auth against Active Directory working first;
I have a setup that authenticates off Active Directory using krb5, but uses local password and group files to store user details like UserName, UID, Groups, home dir etc. Have you tied them closer to AD LDAP? Using which schema to include a Unix user info into AD? Thanks for any pointers, michaelj PS: Upgrading from Suse8.2 to SLES9 gave a krb5 bonus; checking an AD password that is due to expire, doesn't cause authentication to fail like it used to the password change is prompted for during login and suceeds in changing the AD password. -- Michael James michael.james@csiro.au System Administrator voice: 02 6246 5040 CSIRO Bioinformatics Facility fax: 02 6246 5166 No matter how much you pay for software, you always get less than you hoped. Unless you pay nothing, then you get more.