> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Lank, Tim

> Perhaps I still don't understand. The username and password
> that the linux clients would be putting in are the same as
> their Active Directory usernames and passwords. My thought
> was that I would be able to not have to set up the pam_ldap
> and nss_ldap on every linux client, but rather point them at
> an OpenLDAP server set up as a proxy that will take care of
> passing these credentials back and forth from the AD to the
> respective linux clients.
>
> Is this not how it works?

No, that's not how it works. Perhaps you should do some more reading before
attacking this problem. Try the pam and nss documentation first, then the
pamldap and nssldap mailing lists.

> In order to authenticate linux clients to the AD, from
> what you are indicating below, I cannot use OpenLDAP in this
> way using either back-meta or back-ldap because they cannot
> pass the original username and password "as-is" over to the
> AD and the approval or denial back to the originating client.
> Please clarify.

back-meta/back-ldap can pass simple authentication, that's not the problem.
The problem is that you don't know how to use pamldap or nssldap, and this
mailing list is not the place to teach you how to use them.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support