[clug] Linux user authentication - integrating with Windows environments
jm
jeffm at ghostgun.com
Wed Jul 6 19:04:58 MDT 2011
I can think of three (four?) different directions:
a) ldap on linux. Use pgina on windoze host to auth and native ldap.conf
and pam on linux
b) kerberos on both linux and windoze
c) active directory on windows. Not too sure about this but I have seen
plenty of tutorials on this out there. Most likely, by getting linux to
treat AD as an ldap server.
d) There's probably a way to get samba to do this.
If you're already a windows centric shop then c (the option you've
already highlighted) may be your best bet.
Good luck whatever path you choose to go. It's going to be a
frustrating set up.
Lastly, take a look at
http://www.linux.com/learn/tutorials/442411-unite-your-linux-and-active-directory-authentication
Only glanced at it, but it seems to do what you want. It will be
interesting to hear how you fare.
Jeff.
On 7/07/11 10:18 AM, Dale Shaw wrote:
>
> I'd like to improve the way we manage user accounts and host access.
> I'd like to continue to use the Windows domain as the authoritative
> source for user information and access controls.
>
> Wants:
>
> - Logon access to Linux hosts to be authenticated against AD (don't
> care if it's LDAP or "native"); ticks the "single password, single
> password policy" box
> - Logon access to Linux hosts to be authorised based on AD group
> membership (e.g. "user dale is member of group LinuxHost1, access is
> granted")
> - Unique per-user UIDs maintained across Linux hosts
> - Strong preference for not having to pre-create user accounts on Linux hosts
> - Needs to work on RHEL4
> - Needs to work with 'sudo'
>
> Possible? PAM or other?
>
> Has anyone done this? Dragons?
>
> cheers,
> Dale