AD's LDAP and Kerberos services are of interest to the UNIX admin.
The first step is to get Kerberos set up well enough for kinit to work. We demonstrate that in .
In , we use the command-line ldapsearch to look at the LDAP tree AD serves.
The authentication for ldapsearch may be a simple bind, but it may also take the form of a Kerberos ticket, which is why Kerberos setup came first.
With ldapsearch we can look around in the LDAP tree that represents the AD domain.
I show how to fetch some useful information.
Having Kerberos and LDAP working thus far enables us to integrate LDAP UID lookup into nsswitch.
We do so in .
In we do exactly the same, but now with sss instead of nsswitch.
We make a small excursion showing that an AD Kerberos ticket can be used to access a Windows share in .