[tac_plus] AD version of the pam guide

[Daniel Schmidt]

Thanks for the suggestion!  If you'd be willing to write/modify a how-to,
I'm sure people (me) would benefit from it.  My only goal is to prevent
being forced to move to Cisco ACS - Kerberos eliminated this week's risk.
I'd like ldap - would be better - far too busy to figure it out.  Got to
fix Juniper support in do_auth - too many other mundane network tasks 2
do.

-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Brandon Ewing
Sent: Thursday, April 26, 2012 5:58 AM
To: tac_plus at shrubbery.net
Subject: Re: [tac_plus] AD version of the pam guide

On Wed, Apr 25, 2012 at 11:59:08AM -0600, Daniel Schmidt wrote:
> So... you're saying.... homer would need to exist locally on the box
> first?  :-\
>
> Of course, that works much better.  My sincerest apologies for wasting
> everybody's time on this, thanks Adam and 'Heas.  When I get a chance,
> I'll add this to tacacs.org lest anybody waste your time with this
again.
> (New version of do_auth also coming - support for juniper pairs)
>

My installation uses nss_ldap to connect to our AD LDAP to centralize
account information.  This may be a path for you, either through setting
up a service account to handle LDAP binds for nss_ldap, or using machine
accounts via joining the machine to the domain with Samba.

-- 
Brandon Ewing
(nicotine at warningg.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<http://www.shrubbery.net/pipermail/tac_plus/attachments/20120426/68fc5924
/attachment.bin>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.