Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1942: How to map local user accounts to AD accounts?

Centrify DirectControl ,  

12 April,16 at 11:11 AM

Applies to: All versions of Centrify DirectControl

 
Question:
 
Is it possible to enforce AD/Windows password rules for local accounts? How does pam.mapuser work?

 
Answer:
 
Yes it is possible by making use of the pam.mapuser configuration parameter. Once the parameter is set, the local
user is expected to type the mapped AD user's password during login. If the local password needs to be used, the
pam.allow.override parameter can be used. Once pam.allow.override is configured, the local user needs to use the
username localaccount@localhost ( note: use localhost, do not replace it with hostname ) and their local password to login.
 
Both these methods are discussed with examples in the attachment at the end of this KB..
 
 
Attachments:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.