Using Active Directory as an LDAP server for Linux clients

I'm trying to figure out how to use Windows Server 2008 R2 as an LDAP server for Linux clients.

Ideally, users should be able to log in to their Linux workstations via pam_ldap authenticating against AD (winbind is not an option, unfortunately).

I've looked at Windows Services for Unix but it seems to be going EOL soon.

Is there any other way to achieve this?


Thanks for the suggestions. As I mentioned in the original post, Windows Services for Unix is going to be EOL soon, but I found the replacement for anyone that's interested.

In Windows Server 2008 R2 you need to install the feature "Subsystem for UNIX-based applications".

Secondly, under Roles > Active Directory Domain Services you need to install "Identity Management for Unix".

Once these are installed each user will have some extra Unix attributes :)

The LDAP mapping for /etc/ldap.conf is as follows:

# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad

The joys of interoperability...
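As an added illustration, not part of the original post, the following Python script simulates how nss_ldap would apply the nss_map_attribute lines above to AD user entries and build the passwd line each account would get; it also flags accounts that still lack the Unix attributes Identity Management for Unix populates, and converts pwdLastSet (a Windows FILETIME) into the day count shadowLastChange expects. The LDIF, user names and values are constructed.

```python
# Simulates how nss_ldap applies the RFC 2307 (AD) mappings from /etc/ldap.conf to AD
# user entries and flags accounts missing IdMU Unix attributes. Sample LDIF is constructed.
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=corp,DC=example
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/alice
loginShell: /bin/bash
pwdLastSet: 132000000000000000

dn: CN=Bob Example,CN=Users,DC=corp,DC=example
sAMAccountName: bob
"""

# nss_map_attribute lines from the post: POSIX attribute -> AD attribute.
ATTRIBUTE_MAP = {"uid": "sAMAccountName", "homeDirectory": "unixHomeDirectory",
                 "shadowLastChange": "pwdLastSet"}
PASSWD_FIELDS = ("uid", "uidNumber", "gidNumber", "homeDirectory", "loginShell")
EPOCH_DIFF_SECS = 11644473600  # seconds from 1601-01-01 (FILETIME epoch) to 1970-01-01


def parse_ldif(text):
    """Minimal LDIF parser: blank-line separated entries, single-valued attributes."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:  # trailing sentinel flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return entries


def missing_unix_attrs(entry):
    """POSIX fields whose mapped AD attribute is absent (IdMU not filled in)."""
    return [f for f in PASSWD_FIELDS if ATTRIBUTE_MAP.get(f, f) not in entry]


def to_passwd(entry):
    """Return the /etc/passwd line nss_ldap would serve, or None if incomplete."""
    if missing_unix_attrs(entry):
        return None
    p = {f: entry[ATTRIBUTE_MAP.get(f, f)] for f in PASSWD_FIELDS}
    return "{uid}:x:{uidNumber}:{gidNumber}::{homeDirectory}:{loginShell}".format(**p)


def shadow_last_change(entry):
    """pwdLastSet is a FILETIME (100 ns ticks since 1601); shadow wants days since 1970."""
    raw = entry.get(ATTRIBUTE_MAP["shadowLastChange"])
    return None if raw is None else (int(raw) // 10_000_000 - EPOCH_DIFF_SECS) // 86400
```

Accounts for which to_passwd returns None will not resolve on the Linux side even though they exist in AD, which is the usual symptom when the Unix attributes have not been set on a user.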


Likewise Open worked for me - pretty easy to install, and doesn't require any changes to AD. The Free version gives you login functionality. If you pay for the Enterprise version you get Group Policy and a whole host of other things.


You might try http://www.quest.com/authentication-services/active-directory-for-unix.aspx (former Vintela).

I have no experience in setting it up myself, but my previous employer used this and it worked very well on our Linux workstations.