02-26-2011, 01:01 PM
|
#1
|
|
LQ Newbie
Registered: Jun 2009
Posts: 10
Rep:
|
Best way to authenticate a group of servers against Windows Active Directory
Hello,
We have a small group of Linux servers, currently with local logins. I want to eliminate the local logins and authenticate against the corporate AD.
I've been looking at PAM - but winbind requires each machine to be added to the AD. This becomes a pain if we create new virtual or physical servers.
Is it possible to have one server authenticate directly with AD, and the other servers authenticate against this server, which defers to the one server that is registered in AD?
Thanks.
|
|
|
|
02-26-2011, 01:11 PM
|
#2
|
|
Guru
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 18 with Awesome WM
Posts: 6,796
|
Hello,
I've never done it but I assume that if you set up a dedicated OpenLDAP server to authenticate your Linux users and you integrate that with your Active Directory you should be pretty close to what you want. All Linux users on your servers would migrate from using passwd, shadow and groups to the LDAP, thus providing centralized authentication. If you then integrate the OpenLDAP into the Active Directory you should be set. Mind you, never done it, this is pure theory. I'm sure someone with more experience in the field will kick in pretty soon but that's a way I'd investigate. Google turns up with links like these, old but covering pretty much the base of what you need.
http://www.linux.com/archive/feed/40983
http://www.howtoforge.com/linux_ldap_authentication
Kind regards,
Eric
|
|
|
|
03-01-2011, 08:43 PM
|
#3
|
|
Member
Registered: Mar 2010
Posts: 202
Rep:
|
Look at pam.krb5; you can use Kerberos directly to authenticate to the Windows domain, no need for joining. That said, it does have a lot of advantages to have your servers fully joined, especially if you offer services to Windows clients.
|
|
|
1 members found this post helpful.
|
03-12-2011, 09:05 AM
|
#4
|
|
LQ Newbie
Registered: Jun 2009
Posts: 10
Original Poster
Rep:
|
Looking very promising
Quote:
Originally Posted by Juako
Look at pam.krb5; you can use Kerberos directly to authenticate to the Windows domain, no need for joining. That said, it does have a lot of advantages to have your servers fully joined, especially if you offer services to Windows clients.
|
Thanks - I got sidetracked with some other pressing things that came up.
That said, I was able to authenticate with Kerberos and check with klist. Had some issues with PAM configuration, but hopefully I should be able to work those out.
I had some previous experience with Kerberos, but that needed the machine joined to the domain. Probably because it was delegating the authorization for a database. I didn't join the machine here and Kerberos worked great - thanks for pointing me in the right direction!
|
|
|
|
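An added example, not taken from any post in this thread: a minimal sketch of the two files involved when a Linux server checks passwords against an AD realm through pam_krb5 without being joined. The realm EXAMPLE.COM, the host dc1.example.com, the choice of /etc/pam.d/sshd and the stack layout are all placeholders or assumptions, and option names can differ between pam_krb5 implementations.

```conf
# ---- /etc/krb5.conf ----
# EXAMPLE.COM and dc1.example.com are placeholders for the AD realm
# and one of its domain controllers.
# krb5.conf comments must sit on their own line, not after a value.
[libdefaults]
    # AD realm names are written in upper case
    default_realm = EXAMPLE.COM
    # locate domain controllers through DNS SRV records
    dns_lookup_kdc = true

[realms]
    EXAMPLE.COM = {
        # explicit KDC, used in addition to DNS discovery
        kdc = dc1.example.com
    }

[domain_realm]
    # map DNS names to the realm
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

# ---- /etc/pam.d/sshd, auth section only (assumed layout) ----
# Try Kerberos first for ordinary users; minimum_uid keeps root and
# system accounts on local authentication.
auth    sufficient    pam_krb5.so minimum_uid=1000
# Fall back to the local password, reusing what the user already typed.
auth    required      pam_unix.so try_first_pass
```

pam_krb5 only checks the password: each user must still resolve through NSS (a local passwd entry or a directory) to get a UID and home directory. Validating that a ticket really came from the domain's KDC requires a host keytab, which an unjoined machine does not have.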