Logging in to Ubuntu with AD domain accounts via LDAP (libnss-ldap method)
# apt-get install libnss-ldap (just press Enter at the prompts that appear in between to skip them)
# vi /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
:wq
# vi /etc/ldap.conf
base dc=ming,dc=com
uri ldap://10.0.0.2
binddn cn=ldapadmin,cn=users,dc=ming,dc=com
bindpw xxxxxxx
(The following lines are commented out by default and need to be enabled)
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
:wq
# /etc/init.d/libnss-ldap restart
Automatically create the user's home directory after authentication:
# vi /etc/pam.d/common-session
session required pam_mkhomedir.so skel=/etc/skel umask=0022
:wq
# getent passwd
# su - zhi.yang
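A check to run against the finished /etc/ldap.conf, as an added example that is not part of the original post: it flags a cleartext ldap:// URI, a bindpw kept in a world-readable file, and any of the AD mappings above that are still commented out. The function name audit_ldap_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an nss_ldap/pam_ldap config such as /etc/ldap.conf.
# Prints one finding per line; prints nothing when no issue is found.
audit_ldap_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    # Keep active (uncommented) directives only and collapse whitespace.
    norm=$(grep -Ev '^[[:space:]]*(#|$)' "$conf" |
        sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//')
    # 1. ldap:// without StartTLS sends simple-bind passwords in cleartext.
    if printf '%s\n' "$norm" | grep -iq '^uri .*ldap://' &&
       ! printf '%s\n' "$norm" | grep -iq '^ssl start_tls$'; then
        echo "WARN cleartext: uri uses ldap:// and 'ssl start_tls' is not set"
    fi
    # 2. bindpw in a file other users can read (char 8 of the ls mode
    #    string is the "other" read bit).
    if printf '%s\n' "$norm" | grep -iq '^bindpw ' &&
       [ "$(ls -ld "$conf" | cut -c8)" = r ]; then
        echo "WARN bindpw: password stored in world-readable $conf"
    fi
    # 3. AD mappings that the post says must be uncommented.
    while IFS= read -r want; do
        printf '%s\n' "$norm" | grep -Fxq "$want" || echo "MISSING $want"
    done <<'EOF'
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
EOF
}

# Constructed sample: the post's connection settings, most mappings disabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
uri ldap://10.0.0.2
bindpw xxxxxxx
#nss_map_attribute uid sAMAccountName
pam_login_attribute sAMAccountName
EOF
chmod 644 "$sample"
audit_ldap_conf "$sample"
rm -f "$sample"
```

On the real host, call it as audit_ldap_conf /etc/ldap.conf after the edits above and before restarting the service.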
This article comes from the "linux" blog; please be sure to retain this source: http://yangzhiming.blog.51cto.com/4849999/1933593