Date: Wed, 3 Oct 2007 07:31:46 -0500
From: Chris
To: Stephen Allen
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD to authenticate against Active Directory
Organization: Makeworld.com

On Wed, 03 Oct 2007 03:33:50 +0100
Stephen Allen wrote:

> Hello,
>
> Is there any up-to-date definitive resource which explains how to get
> FreeBSD (6.2) to authenticate against Active Directory (in my case
> Windows 2003 R2 which includes SFU)? There are a few informative
> articles floating around, but most date back to 2004/2005 and most
> involve the use of Samba and Winbind (I'd like to avoid this if
> possible).
>
> I don't really know what is possible here, I'm coming from only a
> basic understanding of how things like pam work. Would I have to
> configure every service separately to use Active Directory or could I
> tell FreeBSD to blindly rely on AD for user authentication?
>
> I read about pam_mkhomedir, so users could have homedirs created
> automatically when they logged in. Is this possible in FreeBSD?
> Would I be able to map this automatically to their existing "My
> Documents" folder which is redirected to the network by group policy?
>
> Please feel free to tell me what can/can't be done and if doing so is
> a good/bad thing. I can explain bits in more detail if needed.
>
> Kind regards,
> Steve

Steve - You have a few options.

1. LDAP
2. OpenLDAP
3. The use of WinBind and its companion apps (using ntlm etc.)
4. Google AD Auth Unix (or, insert your personal choice)

What you may find - is that installing Winbind etc may be your easiest
way to go; however, I'm unsure how SFU will play along with the mix.
When using Open(LDAP) you'll notice that this is really nothing more
than building a Unix ldap server. If your adventure means something
like having a Unix ldap server doing a one way sync with AD (meaning,
AD syncs with the ldap server) good luck finding docs on that. That
sort of one way syncing seems to be either a secret, users don't want
to come forth with how they did it, or lastly - nobody has ever done it
or gotten it to work.

Anyways - good luck in your adventure.

-- 
Best regards,
Chris

Registered Linux user number 448639