[clug] Linux user authentication - integrating with Windows environments

jm jeffm at ghostgun.com
Wed Jul 6 19:04:58 MDT 2011

I can think of three (four?) different directs:

a) ldap on linux. Use pgina on windoze host to auth and native ldap.conf 
and pam on linux
b) kerberos on both linux  and windoze
c) active directory on windows. Not to sure about this but I have seen 
plenty of tutorials on this out there. Most likely, by getting linux to 
treat AD as an ldap server.
d) There's probably a way to get samba to do this.

If your already a windows centric shop then c ( the option you've 
already highlighted) may be your best bet.

Good luck what ever path you choice to go. It's going to be a 
frustrating set up.

Lastly, take a look at 
Only glanced at it, but it seems to do what you want. It will be 
interesting to hear how you fair.


On 7/07/11 10:18 AM, Dale Shaw wrote:
> I'd like to improve the way we manage user accounts and host access.
> I'd like to continue to use the Windows domain as the authoritative
> source for user information and access controls.
> Wants:
> - Logon access to Linux hosts to be authenticated against AD (don't
> care if it's LDAP or "native"); ticks the "single password, single
> password policy" box
> - Logon access to Linux hosts to be authorised based on AD group
> membership (e.g. "user dale is member of group LinuxHost1, access is
> granted")
> - Unique per-user UIDs maintained across Linux hosts
> - Strong preference for not having to pre-create user accounts on Linux hosts
> - Needs to work on RHEL4
> - Needs to work with 'sudo'
> Possible? PAM or other?
> Has anyone done this? Dragons?
> cheers,
> Dale

More information about the linux mailing list