I read your article about Active Directory Integration In Three Hours Or Less, published on May 8, 2003. On your page 2, you mentioned giving minimal rights to this user to authenticate against the AD database. I would like to know what NT permissions I need to assign to this user. I am having trouble with authentication if the user does not have Admin rights.
If this authenticating user belongs to the Domain Users group, he can't authenticate. If I assign him to the Domain Admins group, he can authenticate without any problems. Is that how you would assign permission? If you have any other way of giving this user NT permissions to do authentication, please let me know. I do not want to put him in the Domain Admins group if I do not have to.
GOD NO!
Since this user will more than likely be used on many machines and you probably are not using SSL to connect, this user's credentials are going clear text over the wire. Anyone sniffing the network will have the keys to the city!
By default all "authenticated users" have read permissions to the AD. I'd make a user just for this purpose and deny everything to him other than read (i.e. logon locally, logon interactively, etc…).
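As an added illustration of the cleartext-bind risk described in the reply above (example code, not from the original page or the article): it builds the LDAP v3 simple bind a client sends over plain port 389 (RFC 4511 BER encoding, no TLS) and a small parser that flags such binds in a captured TCP payload, so a defender can find which accounts are binding without SSL/TLS. The DN, password and message id are constructed sample values.

```python
# Added example, not code from the original post. Constructed sample values
# (DN, password) only; no real directory is contacted.

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload

def build_simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    bind = tlv(0x60,                              # [APPLICATION 0] BindRequest
               tlv(0x02, b"\x03")                 # version 3
               + tlv(0x04, dn.encode())           # bind DN
               + tlv(0x80, password.encode()))    # [0] simple: raw password
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)

def read_tlv(buf: bytes, pos: int):
    """Parse one BER TLV at pos; returns (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 128:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length

def find_cleartext_simple_binds(payload: bytes) -> list:
    """Bind DNs of every simple bind in a plain-LDAP (port 389, no TLS) TCP
    payload. Only the DN is reported: the password sits beside it in the
    same bytes, readable by anyone on the path, which is the whole problem."""
    found, pos = [], 0
    while pos < len(payload):
        tag, msg, pos = read_tlv(payload, pos)
        if tag != 0x30:
            break                                 # not an LDAPMessage
        _, _, p = read_tlv(msg, 0)                # skip messageID
        op_tag, op, _ = read_tlv(msg, p)
        if op_tag != 0x60:
            continue                              # not a BindRequest
        _, _, q = read_tlv(op, 0)                 # skip version
        _, dn, q = read_tlv(op, q)
        auth_tag, _, _ = read_tlv(op, q)
        if auth_tag == 0x80:                      # [0] simple authentication
            found.append(dn.decode())
    return found
```

Running the detector over port-389 traffic (or a mirror of it) lists the service accounts that still bind in the clear; moving them to LDAPS or StartTLS, and using a dedicated read-only account as the reply suggests, limits what a sniffer can learn.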