LinuxQuestions.org
Old 02-26-2011, 01:01 PM   #1
montyny
LQ Newbie
 
Registered: Jun 2009
Posts: 10

Rep: Reputation: 0
Best way to authenticate a group of servers against Windows Active Directory


Hello,
We have a small group of Linux servers, currently with local logins. I want to eliminate the local logins and authenticate against the corporate AD.

I've been looking at PAM - but winbind requires each machine to be added to the AD. This becomes a pain if we create new virtual or physical servers.

Is it possible to have one server authenticate directly with AD, and the other servers authenticate against this server, which defers to the one server that is registered in AD?

Thanks.
 
Old 02-26-2011, 01:11 PM   #2
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290
Hello,

I've never done it but I assume that if you set up a dedicated OpenLDAP server to authenticate your Linux users and you integrate that with your Active Directory you should be pretty close to what you want. All Linux users on your servers would migrate from using passwd, shadow and groups to the LDAP, thus providing centralized authentication. If you then integrate the OpenLDAP into the Active Directory you should be set. Mind you, never done it, this is pure theory. I'm sure someone with more experience in the field will kick in pretty soon but that's a way I'd investigate. Google turns up with links like these, old but covering pretty much the base of what you need.
http://www.linux.com/archive/feed/40983
http://www.howtoforge.com/linux_ldap_authentication

Kind regards,

Eric
 
Old 03-01-2011, 08:43 PM   #3
Juako
Member
 
Registered: Mar 2010
Posts: 202

Rep: Reputation: 84
Look at pam.krb5; you can use Kerberos directly to authenticate to the Windows domain, no need for joining. That said, it does have a lot of advantages to have your servers fully joined, especially if you offer services to Windows clients.
 
1 members found this post helpful.
Old 03-12-2011, 09:05 AM   #4
montyny
LQ Newbie
 
Registered: Jun 2009
Posts: 10

Original Poster
Rep: Reputation: 0
Looking very promising

Quote:
Originally Posted by Juako
Look at pam.krb5; you can use Kerberos directly to authenticate to the Windows domain, no need for joining. That said, it does have a lot of advantages to have your servers fully joined, especially if you offer services to Windows clients.

Thanks - I got sidetracked with some other pressing things that came up.

That said, I was able to authenticate with Kerberos and check with klist. Had some issues with PAM configuration, but hopefully I should be able to work those out.

I had some previous experience with Kerberos, but that needed the machine joined to the domain. Probably because it was delegating the authorization for a database. I didn't join the machine here and Kerberos worked great - thanks for pointing me in the right direction!
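
An added example, not part of any post in this thread: a minimal krb5.conf and PAM auth stack for the approach discussed in posts #3 and #4, where Kerberos checks the password against AD without joining the host. The realm CORP.EXAMPLE.COM, the host dc1.corp.example.com, the file locations and the minimum_uid value are assumptions, and pam_krb5 option names differ slightly between distributions, so check the local man page.

```conf
# ---- /etc/krb5.conf ----
# Realm and KDC names below are placeholders for the corporate AD domain.
# Comments must sit on their own line; krb5.conf has no trailing comments.
[libdefaults]
    # AD realm names are the DNS domain name in upper case.
    default_realm = CORP.EXAMPLE.COM
    dns_lookup_realm = false
    # Locate domain controllers through DNS SRV records.
    dns_lookup_kdc = true

[realms]
    CORP.EXAMPLE.COM = {
        # Explicit KDC entry in case SRV lookup is unavailable.
        kdc = dc1.corp.example.com
    }

[domain_realm]
    .corp.example.com = CORP.EXAMPLE.COM
    corp.example.com = CORP.EXAMPLE.COM

# ---- PAM auth stack (e.g. /etc/pam.d/system-auth or common-auth) ----
# Local accounts (root, service users) are tried first via pam_unix.
auth    sufficient    pam_unix.so
# Everyone else is checked against the AD KDC with the password already typed.
# minimum_uid keeps system accounts from ever being sent to the KDC.
auth    sufficient    pam_krb5.so use_first_pass minimum_uid=1000
# Nothing matched: refuse the login.
auth    required      pam_deny.so
```

Kerberos only verifies the password, so each user still needs an account entry (UID, home directory, shell) from local files or a directory service. A host that is not joined has no keytab, so pam_krb5 cannot check the KDC's reply against a host key; the network path to the domain controllers has to be trusted, or the host joined.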
 
Tags
active directory, authentication


All times are GMT -5.