Ubuntu通过LDAP集成AD域账号登录(libnss-ldap方式):
# apt-get install libnss-ldap (中间直接回车,忽略)
# vi /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
:wq
# vi /etc/ldap.conf
base dc=ming,dc=com
uri ldap://10.0.0.2
binddn cn=ldapadmin,cn=users,dc=ming,dc=com (ldapadmin为普通AD账号,需在Users组里)
bindpw xxxxxxx
(下面默认为注释掉的,需启用)
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
:wq
# /etc/init.d/libnss-ldap restart
# vi /etc/pam.d/common-session
session required pam_mkhomedir.so skel=/etc/skel umask=0022
:wq
# getent passwd
# su - zhi.yang
