LinuxQuestions.org

Fillys6 02-01-2006 11:32 AM

Best/simplest way to authenticate with Active Directory? WSFU, WINBIND, or ??
 
I have done quite a bit of reading on this and can't really decide which would be better suited for my needs (WSFU, WINBIND, or ???). Here is the general scenario:

I have a Windows domain with 5 Windows servers and 1 RHEL3 server and approx 50 users. Managing passwords and user names gets a little frustrating because they are in 3 different places (the Windows login ID, the Linux login ID, and the Samba users). I would like to use my Windows Domain Controller as the authentication endpoint for everything using its Active Directory.

The Windows user IDs (ex: jsmith) are different than the Linux user IDs (ex: F0102011) so I must be able to map them to one another (jsmith = F0102011). I cannot make these the same because the program we use on the Linux box requires this type of user ID scheme. I also want my Samba share permissions to come from AD as well. Ideally, when jsmith logs into his Windows XP machine and clicks the button to change his password, I would like it to change the password on his F0102011 ID too so that things stay consistent.

I have installed WSFU (Windows Services for UNIX 3.5) on my PDC but haven't done anything on the Linux side until I am sure this is the route I should go. I read a little bit on WINBIND but am confused on which of these would work better for me. Can someone give me a GENERAL description of the two? There is a lot of documentation out there but it is very detailed and complex. A general description would help along with any suggestions on which route to take.

Thanks!!

paul_mat 02-02-2006 09:28 PM

Well, you have another choice as well: you can authenticate against LDAP. MS Active Directory is basically an LDAP server.

On my website I have several how-tos you might want to look at to get some ideas.

http://www.yourhowto.org/content/view/34/9/ - Linux client to authenticate against ADS via pam & LDAP

http://www.geocities.com/evilperson85/serversetup/ - join windows to a windows domain script.

http://www.yourhowto.org/content/view/31/9/ - Authentication against Active Directories using winbind for pop3

The only thing I'm not sure about is what PAM module you would need to edit. For logging into the machine I think it's the /etc/pam.d/login

And I *think* if you edit the /etc/pam.d/samba module to get authentication against either LDAP or winbind
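
Added example (not part of the post above or of the linked how-tos): one way to see which PAM file actually decides whether `login` or `samba` consults the directory is to flatten each service's auth stack. It assumes Red Hat style service files that delegate to `system-auth` through `pam_stack.so`; the file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed RHEL 3 style service files (sample input, not from the thread).
FILES = {
    "login": "#%PAM-1.0\n"
             "auth required pam_securetty.so\n"
             "auth required pam_stack.so service=system-auth\n",
    "samba": "auth required pam_nologin.so\n"
             "auth required pam_stack.so service=system-auth\n",
    "system-auth": "auth required pam_env.so\n"
                   "auth sufficient pam_unix.so likeauth nullok\n"
                   "auth sufficient pam_winbind.so use_first_pass\n"
                   "auth required pam_deny.so\n",
}
RULE = re.compile(r"^-?(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
DIRECTORY_MODULES = {"pam_winbind.so", "pam_ldap.so"}

def parse(text):
    """Yield (type, control, module, args) for each rule, skipping comments."""
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            yield m.group(1), m.group(2), m.group(3), m.group(4).split()

def auth_stack(service, files, seen=None):
    """Flatten auth rules, following pam_stack.so service=X and include/substack X."""
    seen = set() if seen is None else seen
    if service in seen or service not in files:
        return []          # unknown file or delegation loop
    seen.add(service)
    stack = []
    for kind, control, module, args in parse(files[service]):
        if kind != "auth":
            continue
        target = None
        if control in ("include", "substack"):
            target = module
        elif module.endswith("pam_stack.so"):
            target = next((a[8:] for a in args if a.startswith("service=")), None)
        if target:
            stack += auth_stack(target, files, seen)
        else:
            stack.append((control, module.rsplit("/", 1)[-1]))
    return stack

def directory_backed(service, files):
    """Names of AD-capable modules actually reached when `service` authenticates."""
    return [m for _, m in auth_stack(service, files) if m in DIRECTORY_MODULES]

print({s: directory_backed(s, FILES) for s in ("login", "samba")})
```

With the sample files, both services reach `pam_winbind.so` only through `system-auth`, so that shared file is the one whose rule order matters.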

