Using Identity Management for UNIX effectively - Part I

When using Identity Management for UNIX; we change active directory user password; we expect the related UNIX attributes to be changed promptly. There is couple of conditions that needs to be fulfilled. I am going to discuss all these in detail.

To start with let’s check the UNIX related attributes that are in use starting from Windows 2003 R2. BTW, the previous version, Services for UNIX 3.5 was using a different set of attributes for the same purpose.

Here is the list:

 SFU 3.5 Schema

Windows Server 2003 R2 / Windows 2008 Schema

msSFU30UidNumber

uidNumber

msSFU30GidNumber

gidNumber

msSFU30Gecos

gecos

msSFU30HomeDirectory

unixHomeDirectory

msSFU30LoginShell

loginShell

msSFU30ShadowLastChange

shadowLastChange

msSFU30ShadowMin

shadowMin

msSFU30ShadowMax

shadowMax

msSFU30ShadowWarning

shadowWarning

msSFU30ShadowInactive

shadowInactive

msSFU30ShadowExpire

shadowExpire

msSFU30ShadowFlag

shadowFlag

msSFU30MemberUid

memberUid

msSFU30MemberNisNetgroup

memberNisNetgroup

msSFU30NetgroupDetail

nisNetgroupTriple

msSFU30IpServicePort

ipServicePort

msSFU30IpServiceProtocol

ipServiceProtocol

msSFU30IpProtocolNumber

ipProtocolNumber

msSFU30OncRpcNumber

oncRpcNumber

msSFU30IpHostNumber

ipHostNumber

msSFU30IpNetworkNumber

ipNetworkNumber

msSFU30IpNetmaskNumber

ipNetmaskNumber

msSFU30MacAddress

macAddress

msSFU30BootParameter

bootParameter

msSFU30BootFile

bootFile

msSFU30NisMapName

nisMapName

msSFU30NisMapEntry

nisMapEntry

msSFU30Password

unixUserPassword

msSFU30MemberOfNisNetgroup

msSFU30MemberOfNisNetgroup

msSFU30Aliases

msSFU30Aliases

msSFU30NisDomain

msSFU30NisDomain

msSFU30PosixMember

msSFU30PosixMember

msSFU30PosixMemberOf

msSFU30PosixMemberOf

msSFU30NetgroupHostAtDomain

msSFU30NetgroupHostAtDomain

msSFU30NetgroupUserAtDomain

msSFU30NetgroupUserAtDomain

msSFU30CryptMethod

msSFU30CryptMethod

msSFU30Name

msSFU30Name

msSFU30PosixAccount

posixAccount

msSFU30ShadowAccount

shadowAccount

msSFU30PosixGroup

msSFU30PosixGroup

msSFU30IpService

ipService

msSFU30IpProtocol

ipProtocol

msSFU30OncRpc

oncRpc

msSFU30IpHost

ipHost

msSFU30IpNetwork

ipNetwork

msSFU30NisNetgroup

nisNetgroup

msSFU30NisMap

nisMap

msSFU30NisObject

nisObject

msSFU30Ieee802Device

ieee802Device

msSFU30BootableDevice

bootableDevice

msSFU30Top

msSFU30Top

msSFU30MailAliases

msSFU30MailAliases

msSFU30NetId

msSFU30NetId

msSFU30NetworkUser

msSFU30NetworkUser

I am going to stop here for now to keep the post short :); will discuss regarding setting up active directory user account as NIS user in next post.