Old 02-01-2011, 01:31 PM   #1
LQ Newbie
Registered: Feb 2011
Posts: 4

Rep: Reputation: 0
Authentication against AD/Microsoft NIS with linux clients

Our current setup is that we have two Windows 2008 servers with Microsoft UNIX services. We have a handful of Linux stations. As is, the stations can authenticate against the domain. What I would like to do is smooth out and make administration a little easier from an AD standpoint. When logging in with domain credentials, none of the UNIX/NIS group and user IDs show in the local systems. Currently I have authentication enabled for NIS, Kerberos, LDAP and Winbind. I see a script to check the domain and update the local database. I have a concern, though, about conflicting UID/GID between AD and local accounts as well. Ideally I would also like to map shares at login. For example, a shared drive mapped and mounted, and another share mapped as the home directory for the user.
Old 02-01-2011, 03:11 PM   #2
LQ Newbie
Registered: Jan 2011
Posts: 8

Rep: Reputation: 2
I had a similar setup a while back. We would have on our main administrative server an encrypted copy of shadow and passwd, and we had a script to push it to newly added machines so all UID/GIDs were associated across the board, and we used NIS, I think, for the AD integration. If a user changed his/her password it would be pushed to the master file automatically.

I eventually made the point that our Windows and UNIX systems should not be integrated for account privileges at all. The very few and seldom workstations were PXE-booted and the Windows desktops were easily maintained from AD, but the main Linux-based systems were used by administrators for the most part.
Old 02-02-2011, 08:31 AM   #3
LQ Newbie
Registered: Mar 2007
Posts: 22

Rep: Reputation: 1
I experienced mostly the same issues as yours. We, at one time, used the Vintela (VAS) authentication package, but this method I put together replaced that.

What ended up working for us was a combo of Kerberos (for user authentication) and LDAP (for UID/GID synchronization) for having users access AD. We've been using this configuration, with some minor variations, for a few years now and it's done the job.

The reason we needed AD authentication is for the users to be able to use IBM/Rational ClearCase, and for them to have their /home directories stored on an NFS server. With this requirement, everything needed to be synced up from a UID/GID/USER standpoint across the different servers.

Check out the original how-to I wrote on the subject here:

Last edited by Shannon_VanWagner; 02-02-2011 at 08:34 AM.
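
The UID/GID conflict concern in the first post, and the requirement in post #3 that UIDs match across servers for NFS home directories, can be checked on a host before it starts resolving users from AD. The following is an added example, not code from any poster in this thread; the sample accounts are constructed, and it assumes the directory users are exported with the RFC 2307 attribute names `uid` and `uidNumber`. It compares UIDs only; the same comparison applies to groups.

```python
"""Detect UID collisions between local accounts and directory UNIX attributes."""
from collections import defaultdict

# Constructed sample data (not from the thread): local passwd(5) lines and
# directory entries using the assumed RFC 2307 attributes uid and uidNumber.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:500:500:Backup job:/home/backup:/bin/bash
jsmith:x:501:501:Local J Smith:/home/jsmith:/bin/bash
# comment line
malformed:x:notanumber
"""
DIRECTORY_USERS = [
    {"uid": "jsmith", "uidNumber": "10001"},
    {"uid": "adoe", "uidNumber": "500"},
    {"uid": "bwong", "uidNumber": "10002"},
    {"uid": "svc", "uidNumber": "0"},
]

def parse_passwd(text):
    """Return {name: uid} from passwd(5) text, skipping malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        try:
            accounts[fields[0]] = int(fields[2])
        except ValueError:
            continue
    return accounts

def find_conflicts(local, directory):
    """List every place where local and directory identities disagree."""
    names_by_uid = defaultdict(list)
    for name, uid in local.items():
        names_by_uid[uid].append(name)
    findings = []
    for entry in directory:
        name, uid = entry["uid"], int(entry["uidNumber"])
        # Same login name, different number: files change owner after the join.
        if name in local and local[name] != uid:
            findings.append(("name-reused", name, local[name], uid))
        # Same number, different name: two people share ownership of files.
        for other in names_by_uid.get(uid, []):
            if other != name:
                kind = "uid0-shadowed" if uid == 0 else "uid-reused"
                findings.append((kind, name, other, uid))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_conflicts(parse_passwd(LOCAL_PASSWD), DIRECTORY_USERS):
        print(finding)
```

A directory account that maps to UID 0 is reported separately because it would be treated as root on the client.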
Old 02-12-2011, 07:22 PM   #4
Registered: Apr 2003
Posts: 128

Rep: Reputation: 16
Not sure what distro you are using, but with SuSE you just join them to the domain.
Old 02-14-2011, 12:46 PM   #5
LQ Newbie
Registered: Feb 2011
Posts: 4

Original Poster
Rep: Reputation: 0
We are working with Red Hat Enterprise Linux 4, 5 and 6.
It seems like none of the RHEL stations are really authenticating the way I would like. Strangely, when I ran Scientific Linux, which is based on RHEL5, I was able to log in with domain credentials, but initial logins were very slow.

Looking through the event logs, it looks like it was receiving an unsecure LDAP bind. It looks like I had to install the Active Directory certificate role to be able to get a Kerberos bind. In regards to NIS, it's hard to say how well or if it's working. They show as active servers, but I am not sure how they establish what the NIS name is and their settings. I have no idea where it gets this configuration from because it was all set automatically. According to the NIS attribute, our fileserver, which also acts as our secondary domain controller/AD replication partner, calls itself the master NIS server. Then the primary domain controller shows as a subordinate UNIX server even though it's also Windows. YPPUSH seems to work between the servers, but the plugin halts when trying to update maps.

All the Linux stations do show up in Active Directory, though, and I have UNIX attributes associated to all the Linux computers, groups and users.

