Using Identity Management for UNIX effectively - Part I
When we use Identity Management for UNIX and change an Active Directory user's password, we expect the related UNIX attributes to be changed promptly. A couple of conditions need to be fulfilled for that. I am going to discuss all of these in detail.
To start with, let's check the UNIX-related attributes that are in use starting from Windows 2003 R2. By the way, the previous version, Services for UNIX 3.5, used a different set of attributes for the same purpose.
Here is the list:
| SFU 3.5 Schema | Windows Server 2003 R2 / Windows 2008 Schema |
| --- | --- |
| msSFU30UidNumber | uidNumber |
| msSFU30GidNumber | gidNumber |
| msSFU30Gecos | gecos |
| msSFU30HomeDirectory | unixHomeDirectory |
| msSFU30LoginShell | loginShell |
| msSFU30ShadowLastChange | shadowLastChange |
| msSFU30ShadowMin | shadowMin |
| msSFU30ShadowMax | shadowMax |
| msSFU30ShadowWarning | shadowWarning |
| msSFU30ShadowInactive | shadowInactive |
| msSFU30ShadowExpire | shadowExpire |
| msSFU30ShadowFlag | shadowFlag |
| msSFU30MemberUid | memberUid |
| msSFU30MemberNisNetgroup | memberNisNetgroup |
| msSFU30NetgroupDetail | nisNetgroupTriple |
| msSFU30IpServicePort | ipServicePort |
| msSFU30IpServiceProtocol | ipServiceProtocol |
| msSFU30IpProtocolNumber | ipProtocolNumber |
| msSFU30OncRpcNumber | oncRpcNumber |
| msSFU30IpHostNumber | ipHostNumber |
| msSFU30IpNetworkNumber | ipNetworkNumber |
| msSFU30IpNetmaskNumber | ipNetmaskNumber |
| msSFU30MacAddress | macAddress |
| msSFU30BootParameter | bootParameter |
| msSFU30BootFile | bootFile |
| msSFU30NisMapName | nisMapName |
| msSFU30NisMapEntry | nisMapEntry |
| msSFU30Password | unixUserPassword |
| msSFU30MemberOfNisNetgroup | msSFU30MemberOfNisNetgroup |
| msSFU30Aliases | msSFU30Aliases |
| msSFU30NisDomain | msSFU30NisDomain |
| msSFU30PosixMember | msSFU30PosixMember |
| msSFU30PosixMemberOf | msSFU30PosixMemberOf |
| msSFU30NetgroupHostAtDomain | msSFU30NetgroupHostAtDomain |
| msSFU30NetgroupUserAtDomain | msSFU30NetgroupUserAtDomain |
| msSFU30CryptMethod | msSFU30CryptMethod |
| msSFU30Name | msSFU30Name |
| msSFU30PosixAccount | posixAccount |
| msSFU30ShadowAccount | shadowAccount |
| msSFU30PosixGroup | msSFU30PosixGroup |
| msSFU30IpService | ipService |
| msSFU30IpProtocol | ipProtocol |
| msSFU30OncRpc | oncRpc |
| msSFU30IpHost | ipHost |
| msSFU30IpNetwork | ipNetwork |
| msSFU30NisNetgroup | nisNetgroup |
| msSFU30NisMap | nisMap |
| msSFU30NisObject | nisObject |
| msSFU30Ieee802Device | ieee802Device |
| msSFU30BootableDevice | bootableDevice |
| msSFU30Top | msSFU30Top |
| msSFU30MailAliases | msSFU30MailAliases |
| msSFU30NetId | msSFU30NetId |
| msSFU30NetworkUser | msSFU30NetworkUser |
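Added example, not part of the original post: a Python check over an LDIF export that uses a few rows of the list above to flag entries where an SFU 3.5 attribute is populated but its Windows Server 2003 R2 counterpart is missing or holds a different value. The function names, DNs and sample entries are constructed for this example.

```python
import base64

# A few rows from the list above: SFU 3.5 name -> Windows Server 2003 R2 name.
SFU_TO_R2 = {
    "msSFU30UidNumber": "uidNumber", "msSFU30GidNumber": "gidNumber",
    "msSFU30HomeDirectory": "unixHomeDirectory", "msSFU30LoginShell": "loginShell",
    "msSFU30Gecos": "gecos", "msSFU30Password": "unixUserPassword",
}

def parse_ldif(text):
    """Return a list of entries; each maps a lowercased attribute name to its values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(text):
    """Return (dn, legacy_attribute, status) tuples; status is 'legacy-only' or 'mismatch'."""
    findings = []
    for entry in parse_ldif(text):
        dn = entry.get("dn", ["?"])[0]
        for old, new in SFU_TO_R2.items():  # LDAP attribute names are case-insensitive
            old_vals, new_vals = entry.get(old.lower()), entry.get(new.lower())
            if old_vals is None:
                continue
            status = "legacy-only" if new_vals is None else "mismatch"
            if new_vals is None or sorted(old_vals) != sorted(new_vals):
                findings.append((dn, old, status))
    return findings

# Constructed sample export (not real directory data).
SAMPLE = """dn: CN=alice,OU=Unix,DC=example,DC=test
msSFU30LoginShell: /bin/sh
loginShell: /bin/bash

dn: CN=bob,OU=Unix,DC=example,DC=test
msSFU30GidNumber: 100
msSFU30HomeDirectory: /home/bob
unixHomeDirectory:: L2hvbWUvYm9i"""
```

Calling `audit(SAMPLE)` reports alice's login shell as a mismatch and bob's GID as legacy-only; bob's home directory matches once the base64 value is decoded.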
I am going to stop here for now to keep the post short :). I will discuss setting up an Active Directory user account as a NIS user in the next post.