Windows Linux interoperability

Rechenberg, Andrew arechenberg at
Wed Nov 13 11:49:27 EST 2002

There are a number of options that one can use to accomplish what you
want.  We currently use MS SFU Server for NIS on the Windows 2000 DCs,
and ypbind and pam_smb on the Linux box and the configuration works
quite well.

We also used nss_ldap for a while as well, but stock AD only returns the
first 1000 objects for a query and some programs like 'id' don't work
very well in our situation.  A freeware program called AD4UNIX will
extend the schema of your directory like SFU NIS and then you can use
nss_ldap without paying a license for Services for UNIX (it's only $99,
but still not free).

I've been working on a Linux-ActiveDirectory Integration HOWTO for some
time but you know how time goes :)  I'll try to get it done before

Let me know if you have any more questions.  


-----Original Message-----
From: bafian o{-<]: [mailto:fabian79 at] 
Sent: Wednesday, November 13, 2002 10:22 AM
To: kerberos at
Subject: Windows Linux interoperability

Hi all,
I've a AD domain which contains all user accounts and now i want to
insert a
box in the domain.

My first goal was to use kerberos authentication to telnet to the linux
with the ktelnet utility
from a windows XP workstation.
This works fine using the AD KDC and MIT kerberos telnetd on linux i can
authenticate to
the KDC recive a krbtgt ticket and then telnet to linux.

My problem is now to map users accounts from windows AD to linux.
I don't know what is the best solution to do that:
    -using LDAP
    -configuring a MIT realm on linux and then setting up a trust
relationship between this two domains
    -i've read somewhere you can do that with PAM, but i don't know
where to

Can anyone help me?

Fabian Necci

Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list