LDAP:  you cannot use tls when doing a ldap bind against an ADS, so you 
loose encryption there.

Samba route: winbind should provide you with access to ADS group 
information and mapping to UNIX ID's. AFAIR you need to be able to join 
the server to the ADS domain, which needs the cooperation of the windows 
sysadmin.

The samba documentation contains all you need for this.

Roelof




John Summerfield wrote:
> Michael H. Semcheski wrote:
>> Hello,
>>
>> My University uses Active Directory.  I use Linux.
>>
>> I would like my SL server to use the active directory to determine
>> which usernames are valid for things like logins.
>>
>> I'm already using the University's Kerberos infrastructure to verify
>> passwords, but I have to make sure the user names are in /etc/passwd.
>> I'd like to not have to add the users to /etc/password.
>>
>> It would be even better if I could get group information from Active
>> Directory, but I can probably live without it.
>>
>> Anyone know if this is possible?  Know what needs to go into the
>> setup, or know of a good howto?
>>
>
> I don't know where Kerberos comes into this, but configuring Linux to 
> authenticate against LDAP should work: standard LDAP enquiries work 
> against AD.
>
> _That_ should be just a matter of running the RH configuration tool.
>
> If you want more than user/password (eg home directory) then you will 
> need to ensure AD has the info. Google (and the other links) are 
> likely to provide the information or links to it.
>
>
>
>
>