[clug] Linux user authentication - integrating with Windows environments

Dale Shaw dale.shaw at gmail.com
Wed Jul 6 18:18:31 MDT 2011


Hi all,

It's been an embarrassingly long time since I've dug into this sort of
thing so I thought I'd tap into the collective wisdom of CLUG.
Disclaimer: this message is the first thing I've done in finding a
solution to this.

Like many organisations, we have a mix of host and device types in the
network. We manage little "enclaves" of hosts which typically run Red
Hat Enterprise Linux or Windows, depending on application
requirements.

At the moment we manage user accounts on Linux hosts on a fairly
manual basis; even between Linux hosts we're not using any centralised
authentication or access control mechanism. Our Windows systems are
part of an Active Directory domain, so there's a single centralised
repository of user account information.

I'd like to improve the way we manage user accounts and host access.
I'd like to continue to use the Windows domain as the authoritative
source for user information and access controls.

Wants:

- Logon access to Linux hosts to be authenticated against AD (don't
care if it's LDAP or "native"); ticks the "single password, single
password policy" box
- Logon access to Linux hosts to be authorised based on AD group
membership (e.g. "user dale is member of group LinuxHost1, access is
granted")
- Unique per-user UIDs maintained across Linux hosts
- Strong preference for not having to pre-create user accounts on Linux hosts
- Needs to work on RHEL4
- Needs to work with 'sudo'

Possible? PAM or other?

Has anyone done this? Dragons?

cheers,
Dale
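
As an added example (not from the original post or any reply), one way to cover the wants listed above with Samba winbind: Kerberos authentication against AD, login restricted to one AD group per host, deterministic UIDs derived from the RID so they agree across hosts, no pre-created local accounts, and sudo granted by AD group. The realm EXAMPLE.COM, NetBIOS domain EXAMPLE, group LinuxHost1 and the 10000-99999 range are placeholders, and the idmap lines use the Samba 3.6+ syntax; the Samba 3.0 shipped with RHEL4 spells the same settings as `idmap uid`/`idmap gid` ranges, so check smb.conf(5) for the installed version.

```text
# /etc/samba/smb.conf  (constructed example; join with: net ads join -U Administrator)
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ads
    # rid backend: uid = range_low + RID, so every host computes the same
    # uid for the same AD user (tdb allocates per host and would diverge)
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-99999
    winbind use default domain = yes
    winbind enum users = no
    winbind enum groups = no
    template homedir = /home/%U
    template shell = /bin/bash

# /etc/nsswitch.conf  -- resolve AD users and groups without local accounts
passwd:  files winbind
group:   files winbind

# /etc/pam.d/system-auth (relevant lines only; keep the pam_unix lines above them)
# require_membership_of denies everyone who is not in the named AD group,
# which is the per-host authorisation control; pam_mkhomedir creates the
# home directory on first login, so accounts need not be pre-created.
auth      sufficient pam_winbind.so require_membership_of=EXAMPLE\LinuxHost1
account   sufficient pam_winbind.so require_membership_of=EXAMPLE\LinuxHost1
password  sufficient pam_winbind.so
session   required   pam_mkhomedir.so skel=/etc/skel umask=0077
session   optional   pam_winbind.so

# /etc/sudoers (edit with visudo) -- AD group, no local group needed
%LinuxHost1 ALL=(ALL) ALL

# checks after the join (expected shape, not captured output):
#   wbinfo -t           -> machine trust secret verified
#   getent passwd dale  -> same uid on every host configured with this range
#   id dale             -> lists LinuxHost1, which is what sudoers matches on
```

Removing a user from LinuxHost1 in AD revokes both login and sudo on that host without touching the Linux side, which is the single-source-of-truth property the post asks for.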

