> I've been trying to follow samba, centos, ldap, and other
> documentation to try and get a CentOS 5 box to permit a user to log
> into an existing Windows 200x Active Directory domain without
> necessarily having the box as part of the domain. If it has to be
> part of the domain, that is fine. The user shall have no local
> account on the box - I want their active directory account to
> automatically produce their account on the CentOS 5 box, likely with a
> shell of bash. I am confused by a couple of things:

If I understand you correctly, you want the user account to be created locally on the machine, without the machine joining AD, but the user account is authenticated by AD credentials.

The only place I've ever seen anything similar to that was in Apple OD. A "Mobility User" logs in, is authenticated against the OD, but it is in fact created as a local user on the machine.

I think as long as your requirements are inflexible, ... good luck, it may be difficult or impossible. But there are a lot of possibilities as long as you're willing to give up at least *one* of your requirements.

The preferable choice would be if you have the ability to join the domain. Then there are tons of options, able to auto-create local accounts upon login, and so on. ... I'll try to say more if you express any interest.

Oh, one more thing. I was very surprised to learn this a year or two ago. You don't need to be a domain administrator to join a machine onto the domain. I was very surprised when one of my unprivileged users joined his laptop to my domain, and I was unable to repeat that using my own unprivileged account. I investigated this *extremely* thoroughly, because I thought it represented some sort of security breach (like he somehow got the admin pass) but that was not the case. In the end, it was proven, without anybody getting in trouble, that unprivileged users can sometimes join computers to domains.
There are some restrictions, but all the websites had conflicting information about what the restrictions are, so I am somewhat unclear in that area.