Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual page 443

LDAP
The Enable LDAP Support option instructs the system to retrieve user information via LDAP. Click
the Configure LDAP... button to specify the following:
• LDAP Search Base DN — Specifies that user information should be retrieved using the listed
Distinguished Name (DN).
• LDAP Server — Specifies the IP address of the LDAP server.
• Use TLS to encrypt connections — When enabled, Transport Layer Security will be used to
encrypt passwords sent to the LDAP server. The Download CA Certificate option allows you to
specify a URL from which to download a valid CA (Certificate Authority) Certificate. A valid CA
Certificate must be in PEM (Privacy Enhanced Mail) format.
For more information about CA Certificates, refer to
Security".
The openldap-clients package must be installed for this option to work.
For more information about LDAP, refer to
Hesiod
The Enable Hesiod Support option configures the system to retrieve information (including user
information) from a remote Hesiod database. Click the Configure Hesiod... button to specify the
following:
• Hesiod LHS — Specifies the domain prefix used for Hesiod queries.
• Hesiod RHS — Specifies the default Hesiod domain.
The hesiod package must be installed for this option to work.
For more information about Hesiod, refer to its man page using the command man hesiod. You can
also refer to the hesiod.conf man page (man hesiod.conf) for more information on LHS and
RHS.
Winbind
The Enable Winbind Support option configures the system to connect to a Windows Active Directory
or a Windows domain controller. User information from the specified directory or domain controller
can then be accessed, and server authentication options can be configured. Click the Configure
Winbind... button to specify the following:
• Winbind Domain — Specifies the Windows Active Directory or domain controller to connect to.
• Security Model — Allows you to select a security model, which configures how clients should
respond to Samba. The drop-down list allows you select any of the following:
• user — This is the default mode. With this level of security, a client must first log in with a valid
username and password. Encrypted passwords can also be used in this security mode.
• server — In this mode, Samba will attempt to validate the username/password by authenticating
it through another SMB server (for example, a Windows NT Server). If the attempt fails, the user
mode will take effect instead.
Section 22.8.2, "An Overview of Certificates and
Chapter 25, Lightweight Directory Access Protocol
User Information
(LDAP).
417