Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: UNIX in MS Win2003 Domain
Top Forums UNIX for Dummies Questions & Answers UNIX in MS Win2003 Domain Post 53160 by DraconianTimes on Wednesday 7th of July 2004 06:21:34 AM
Old 07-07-2004
Not too sure if you can make the box a member of the domain, but you may want to look at Microsoft's UNIX integration tools to see if there is a migration or connectivity tool that will achieve what you want. They are called Services for UNIX (SFU) and can be found here.

-DT
 

10 More Discussions You Might Find Interesting

1. IP Networking

Unix Domain

hello, how can we create a domain in unix operating systems. By domain i mean which is used to maintain remote user logins and etc. cheers (1 Reply)
Discussion started by: vibhory2j
1 Replies

2. UNIX for Dummies Questions & Answers

Adding a Unix machine to the domain

Hiya, what is the exact command to add a Unix machine to the existing domain? Is this command different for Linux/HP-Ux? thanks (3 Replies)
Discussion started by: Wize
3 Replies

3. Solaris

help,win2003 and solaris10 in a pc?

sorry,my english is poor. who can install win2003 and solaris10 in one pc ? my win2000server in hda1 so frist install win2003 in hda5 second install solaris10 in hda2 but after install over,the win2003 can't logon in. alway let me press<ctrl>+<alt>+<del>. why? (1 Reply)
Discussion started by: keyi
1 Replies

4. UNIX for Dummies Questions & Answers

add linux to NIS (unix) domain

I've set up a NIS domain with unix as master-server, slave server and clients. right now i wish to add linux client to the NIS domain. the linux client has got username and password in it. how do i go about it? :confused: (1 Reply)
Discussion started by: legato
1 Replies

5. UNIX for Dummies Questions & Answers

Joining UNIX to a Windows2003 Domain

Hey everyone, We have a Windows2003 Domain here at my workplace. I'm getting ready to switch over our bottom floor to the new domain. Will they still be able to see our UNIX machine that is setup now (on our workgroup) or will I need to join the UNIX machine to the domain. If that is the case... (4 Replies)
Discussion started by: Duki
4 Replies

6. AIX

How do I connect win2003 to AIX?

How can I connect window 2003 server to AIX? I know that window needs to establish realm trust with UNIX. if the trust is established, would the administrator be able to have full control of files on AIX? (1 Reply)
Discussion started by: sito
1 Replies

7. UNIX for Advanced & Expert Users

UNIX domain sockets vs FIFOs

Is there a performance advantage of one of these over the other? Obviously, it makes no sense to use normal TCP sockets or UDP sockets w/ the overhead they carry. But what about UNIX domain sockets vs FIFOs? I'd think they'd be very similar, in terms of performance and in terms of how they're... (2 Replies)
Discussion started by: mgessner
2 Replies

8. UNIX for Dummies Questions & Answers

Checking who is listening on a Unix Domain Socket

Hi all, I'm writing a kernel module and part of it involves controlling IPCs between processes. My problem is when a process tries to connect to a Unix domain socket, the only identifying information of the socket it supplies (that I can see, anyway) is the special pathname of the socket. From... (0 Replies)
Discussion started by: blank87
0 Replies

9. AIX

Mount drive to Win2003 share folder

Dear all, How can mount a drive from AIX 4.3 to Windows 2003 Server share folder ? Thank a lot. (1 Reply)
Discussion started by: sinopec
1 Replies

10. Windows & DOS: Issues & Discussions

How to: Linux BOX in Windows Domain (w/out joining the domain)

Dear Expert, i have linux box that is running in the windows domain, BUT did not being a member of the domain. as I am not the System Administrator so I have no control on the server in the network, such as modify dns entry , add the linux box in AD and domain record and so on that relevant. ... (2 Replies)
Discussion started by: regmaster
2 Replies

LEARN ABOUT DEBIAN

krb5-sync

KRB5-SYNC(8)							     krb5-sync							      KRB5-SYNC(8)

NAME

       krb5-sync - Synchronize passwords and status with Active Directory

SYNOPSIS

       krb5-sync [-d | -e] [-p password] user

       krb5-sync -f file

DESCRIPTION

       krb5-sync provides a command-line interface to the same functions provided by the password and status synchronization plugin.  It can push
       a new password to Active Directory (actually, to any password store that supports the Kerberos set-password protocol) or activate or
       deactivate an account in Active Directory.

       To synchronize passwords, provide the -p option and specify the password.  Note that the password is given on the command line and must be
       quoted if it contains special characters, and the password will be exposed to any other users on the system where this command is run.
       This is useful primarily for testing and should not be used with production passwords.  Synchronization to Active Directory will be
       attempted based on the configuration in krb5.conf (see below).

       To enable or disable an account, provide the -e or -d option respectively.  These options can also be provided in conjunction with the -p
       option to take both actions at once.

       In either case, user should be the principal name for which these actions should be taken.  user may be either unqualified or in the local
       realm; either way, the Active Directory realm in which to make changes will be taken from the krb5.conf configuration.

       Alternately, krb5-sync also supports processing actions from a file.  To do this, use the -f flag and give the file on the command line.
       The format of the file should be as follows:

	   <account>
	   ad
	   password | enable | disable
	   <password>

       where the fourth line is present only if the <action> is "password".  <account> should be the unqualified name of the account.  The second
       line should be the string "ad" to push the change to Windows Active Directory.  The third line should be one of "password", "enable", or
       "disable", corresponding to the -p, -e, and -d options respectively.  The "enable" and "disable" actions are only supported for AD.

       The file format is not particularly forgiving.  In particular, all of the keywords are case-sensitive and there must not be any whitespace
       at the beginning or end of the lines (except in the password, and only if that whitespace is part of the password), just a single newline
       terminating each line.

       When the -f option is given, the file will be deleted if the action was successful but left alone if the action failed.

       The configuration block in krb5.conf should look something like this:

	   krb5-sync = {
	       ad_keytab       = /etc/krb5kdc/ad-keytab
	       ad_principal    = service/sync@WINDOWS.EXAMPLE.COM
	       ad_realm        = WINDOWS.EXAMPLE.COM
	       ad_admin_server = dc1.windows.example.com
	       ad_ldap_base    = ou=People
	   }

       If the configuration required for an action is not given, that action will not be performed but will apparently succeed from the
       perspective of the krb5-sync utility.  Therefore, if this utility reports success but no change is happening, double-check the
       configuration to ensure that all required options are present.

       The "ad_keytab" option specifies the location of a keytab for authenticating to the other realm, the "ad_principal" option specifies the
       principal to authenticate as (using the key in the keytab), and the "ad_realm" option specifies the foreign realm.  "ad_admin_server" is
       the host to contact via LDAP to push account status changes.  "ad_ldap_base" specifies the base tree inside Active Directory where account
       information is stored.  Omit the trailing "dc=" part; it will be added automatically from "ad_realm".

OPTIONS

       -d  Disable the specified user in Active Directory.  Requires that all of the ad_* options be set in krb5.conf.	This option may not be
	   specified at the same time as -e.

       -e  Enable the specified user in Active Directory.  Requires that all of the ad_* options be set in krb5.conf.  This option may not be
	   specified at the same time as -e.

       -f file
	   Rather than perform a particular action based on a username given on the command line, read a queue file and take action based on it.
	   The format of the queue file is described above.  If the action fails, the file will be left alone.	If the action succeeds, the file
	   will be deleted.

       -p password
	   Change the user's password to password in Active Directory.

EXAMPLES

       Disable the account "jdoe" in Active Directory (using the AD configuration found in krb5.conf):

	   krb5-sync -d jdoe

       Change the password of the account "testuser" in Active Directory to "changeme":

	   krb5-sync -p changeme testuser@EXAMPLE.COM

       The same, except also enable the account in Active Directory:

	   krb5-sync -e -p changeme testuser

       Note that the realm for the user given on the command line is optional and ignored.

       Given a file named jdoe-ad-1168560492 containing:

	   jdoe
	   ad
	   password
	   changeme

       the command:

	   krb5-sync -f jdoe-ad-1168560492

       will change jdoe's password to "changeme" in Active Directory and then delete the file.

SEE ALSO

       The current version of this program is available from its web page at http://www.eyrie.org/~eagle/software/krb5-sync/
       <http://www.eyrie.org/~eagle/software/krb5-sync/>.

AUTHOR

       Russ Allbery <rra@stanford.edu>

2.2								    2012-01-10							      KRB5-SYNC(8)
All times are GMT -4. The time now is 08:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy