[tac_plus] Re: tac_plus configuration using AD/LDAP

Bruce Carleton bruce.carleton at jasperwireless.com
Wed Jul 14 19:17:56 UTC 2010


I used winbind on RHEL 5.  It's part of samba-common.  If you have 2008
A/D controllers, you will probably need to use samba3x.  There are some
other details that come to mind.  You have to use pam in the
tac_plus.conf entries for users:

user = some.ad.user {
        login = PAM
}

If you use hosts.allow, you will need something like:

tac_plus: 10. 192.168.

You will also need a pam configuration for tac_plus.  This is what mine
looks like:

$ cat /etc/pam.d/tac_plus
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.so

After I had worked out my /etc/krb5.conf, /etc/samba/smb.conf and
/etc/resolv.conf I used the following RHEL 5 command to get winbind
working:

$ authconfig --enablewinbindauth --enablewinbind --enablemkhomedir --update

Those are the highlights.

Best,

   --Bruce


-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Robert Selvidge
Sent: Thursday, July 08, 2010 12:49 PM
To: tac_plus at shrubbery.net
Subject: [tac_plus] tac_plus configuration using AD/LDAP

Hi,

I'm trying to implement a solution using tac_plus with AD/LDAP
authentication.  I cannot find much information on this using
Shrubbery's tac_plus with this setup.  Can someone point me in the right
direction on how to set this up or even supply a sample configuration if
someone has implemented this?

-Rob
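
Added example, not code from this thread or from the tac_plus project: a small shell model of the hosts_access(5) decision order, showing which device addresses the "tac_plus: 10. 192.168." line in the reply above covers. The hosts.deny entry and the test addresses are assumptions; only ALL, exact addresses and trailing-dot prefixes are modelled.

```shell
#!/bin/sh
# Constructed rule sets. ALLOW is the hosts.allow line quoted in the reply;
# DENY is an assumed hosts.deny entry that does not appear in the thread.
ALLOW='tac_plus: 10. 192.168.'
DENY='tac_plus: ALL'

# rule_matches RULES DAEMON IP -> returns 0 if a rule line naming DAEMON
# lists a client pattern that matches IP, 1 otherwise.
rule_matches() {
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        daemons=$(printf '%s' "${line%%:*}" | tr ',' ' ')
        clients=${line#*:}
        clients=$(printf '%s' "${clients%%:*}" | tr ',' ' ')
        hit=no
        for d in $daemons; do
            case $d in "$2"|ALL) hit=yes ;; esac
        done
        if [ "$hit" = no ]; then continue; fi
        for pat in $clients; do
            case $pat in
                ALL) return 0 ;;
                # "10." is a string prefix including the dot: it covers
                # 10.x.x.x but not 100.x.x.x.
                *.)  case $3 in "$pat"*) return 0 ;; esac ;;
                *)   if [ "$pat" = "$3" ]; then return 0; fi ;;
            esac
        done
    done <<EOF
$1
EOF
    return 1
}

# wrappers_decision DAEMON IP -> prints "allow" or "deny" in hosts_access(5)
# order: a hosts.allow match grants, else a hosts.deny match refuses,
# else access is granted.
wrappers_decision() {
    if rule_matches "$ALLOW" "$1" "$2"; then echo allow
    elif rule_matches "$DENY" "$1" "$2"; then echo deny
    else echo allow
    fi
}

# Constructed client addresses.
for ip in 10.1.2.3 192.168.5.9 100.1.1.1 172.16.0.1; do
    printf '%-12s %s\n' "$ip" "$(wrappers_decision tac_plus "$ip")"
done
```

With DENY set to an empty string, every address comes back "allow": the hosts.allow line only restricts access when hosts.deny has a matching entry.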
