LDAP authentication: Windows Server2k3 vs. 2k8

Posted by wolfgangsz on Server Fault See other posts from Server Fault or by wolfgangsz
Published on 2010-11-04T14:06:58Z Indexed on 2011/01/10 12:55 UTC
Read the original article Hit count: 220

We have around 70% linux users, all of which are configured to authenticate against Active Directory through LDAP. In order for this to work, we used the "Windows Services for Unix" under Windows Server 2003, and it all works fine.

We are now at a point where the server running this contraption is getting a bit tired and will be replaced with a newer machine, running Windows Server 2008 (where the relevant services such as user name mapping and password changes, etc., are integrated with the OS).

And here's the rub: If a new user is configured through the Win2k3 server, then it all works fine. If the same thing is done through the Win2k8 server, then :

  1. The ADS plugin on the 2k3 server does not recognize it and behaves as if the UNIX attributes were never set.
  2. The user cannot authenticate against ADS using LDAP.

Has anybody encountered this problem? If so, how did you overcome this?

If you need any additional information to provide further help, just ask and I shall provide it.

© Server Fault or respective owner

Related posts about windows-server-2008

Related posts about active-directory