FreeBSD to authenticate against Active Directory

Chris racerx at
Wed Oct 3 05:31:50 PDT 2007

On Wed, 03 Oct 2007 03:33:50 +0100
Stephen Allen <sdafreebsduk at> wrote:

> Hello,
> Is there any up-to-date definitive resource which explains how to get 
> FreeBSD (6.2) to authenticate against Active Directory (in my case 
> Windows 2003 R2 which includes SFU).  There are a few informative 
> articles floating around, but most date back to 2004/2005 and most 
> involve the use of Samba and Winbind (I'd like to avoid this if
> possible).
> I don't really know what is possible here, I'm coming from only a
> basic understanding of how things like pam work.  Would I have to
> configure every service separately to use Active Directory or could I
> tell FreeBSD to blindly rely on AD for user authentication?
> I read about pam_mkhomedir, so users could have homedirs created 
> automatically when they logged in.  Is this possible in FreeBSD?
> Would I be able to map this automatically to their existing "My
> Documents" folder which is redirected to the network by group policy?
> Please feel free to tell me what can/can't be done and if doing so is
> a good/bad thing.  I can explain bits in more detail if needed.
> Kind regards,
> Steve
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at"

Steve - 

	You have a few options. 
2. OpenLDAP
3. The use of WinBind and it's companion apps (using ntlm etc.)
4. Google AD Auth Unix (or, insert your personal choice)

What you may find - is that installing Winbind etc may be your easiest
way to go however, I'm unsure how SFU will play along with the mix.

When using Open(LDAP) you'll notice that this is really nothing more
then building a Unix ldap server. If you're adventure means something
like having a Unix ldap server doing a one way sync with AD (meaning, AD
syncs with the ldap server) good luck finding docs on that.

That sorta of one way syncing seems to be either a secret, users dont
want to come forth with how they did it, or lastly - nobody has ever
done it or gotten it to work.

Anyways - good luck in your adventure.

Best regards,
Registerd Linux user number 448639

More information about the freebsd-questions mailing list