Config for PADL's pam_ldap and nss_ldap to auth from Microsoft's Services For Unix

host
base dc=base,dc=dn,dc=com
binddn
bindpw
scope sub
ssl no
nss_base_passwd ou=People,dc=base,dc=dn,dc=com?one
nss_base_shadow ou=People,dc=base,dc=dn,dc=com?one
nss_base_group ou=People,dc=base,dc=dn,dc=com?one
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember posixMember
nss_map_attribute cn sAMAccountName
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password crypt

-----------------------------------------------------------------

Config for Solaris ldapclient to auth from MS SFU

# ldapclient manual \
    -a defaultSearchBase=dc=example,dc=com \
    -a attributeMap=passwd:userPassword=msSFU30Password \
    -a attributeMap=passwd:uid=msSFU30Name \
    -a attributeMap=passwd:uidNumber=msSFU30UidNumber \
    -a attributeMap=passwd:gidNumber=msSFU30GidNumber \
    -a attributeMap=passwd:loginShell=msSFU30LoginShell \
    -a attributeMap=passwd:homeDirectory=msSFU30HomeDirectory \
    -a attributeMap=passwd:uniqueMember=posixMember \
    -a attributeMap=passwd:cn=sAMAccountName \
    -a attributeMap=passwd:gecos=displayName \
    -a objectclassMap=passwd:posixAccount=User \
    -a objectclassMap=group:posixGroup=Group \
    -a attributeMap=group:gidnumber=msSFU30GidNumber \
    -a serviceSearchDescriptor=passwd:ou=People,dc=example,dc=com?one \
    -a serviceSearchDescriptor=group:ou=People,dc=example,dc=com?one \
    -a serviceSearchDescriptor=shadow:ou=People,dc=example,dc=com?one \
    -a preferredServerList="server1.example.com server2.example.com" \
    -a domainName=dc=example.com \
    -a defaultServerList=server1.example.com \
    -a authenticationMethod=simple \
    -a credentialLevel=proxy \
    -a proxyDN="cn=proxy,ou=People,dc=example,dc=com" \
    -a proxyPassword=password \
    -a objectclassMap=group:posixGroup=Group \
    -a attributeMap=group:gidnumber=msSFU30GidNumber \
    -a attributeMap=shadow:userPassword=msSFU30Password \
    -a attributeMap=shadow:uid=msSFU30Name \
    -a objectclassMap=shadow:shadowAccount=User \
    -a profileTTL=0

Add at least the following to pam.conf:

login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1 try_first_pass
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1 try_first_pass
passwd auth required pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1 try_first_pass
other password required pam_ldap.so.1 try_first_pass

-----------------------------------------------------------------

Config for Tru64

Configure /etc/ldapcd.conf like:

directory: server.example.com
searchbase: "ou=People,dc=example,dc=com"
port: 389
connections: 6
max_threads: 64
debug: 1
pw_cachesize: 2000
pw_expirecache: 120
gr_cachesize: 100
gr_expirecache: 600
machine_dn: "cn=proxy,ou=People,dc=example,dc=com"
machine_pass: "password"
pw_oclass: User
pw_username: msSFU30Name
pw_password: msSFU30Password
pw_uid: msSFU30UidNumber
pw_gid: msSFU30GidNumber
pw_quota:
pw_comment: description
pw_gecos: displayName
pw_homedir: msSFU30HomeDirectory
pw_shell: msSFU30LoginShell
gr_oclass: Group
gr_name: msSFU30Name
gr_password: msSFU30Password
gr_gid: msSFU30GidNumber
gr_members: MemberUid
disablegroup: 0

/usr/sbin/ldapcd
/usr/sbin/siacfg -A -a -g pgi LDAP /usr/shlib/libsialdap.so

To remove: siacfg -r LDAP

Use /usr/sbin/w2ksetup to use Kerberos and LDAP