LinuxQuestions.org - how to controll users and password managment like AD in windows as in linux

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - how to controll users and password managment like AD in windows as in linux (https://www.linuxquestions.org/questions/linux-newbie-8/how-to-controll-users-and-password-managment-like-ad-in-windows-as-in-linux-4175451475/)

swaggerlee

02-24-2013 01:50 AM

how to controll users and password managment like AD in windows as in linux

HI , all

well lets take a scenario of 50 user under a domain controlled via AD(active directory)in win2003 server which we all know

Now what i need to know is how can i do the same with linux user..

In my office all are in admin user , now i hv to go individualy each and eveyone configure there password and all

i want to manage via domain but in linux not in windos 2003 server

plzz assist me step by step how to proceed so that my users wont use in ADMIN mode rather work in simple user mode..

bigrigdriver

02-24-2013 01:17 PM

You and your users should be using the sudo command. You login as normal user. When you need to perform an admin task, you use the sudo command to invoke root privilege to perform a task.

Set up the file /etc/sudoers to give the users root authority. You can name each user to have that authority in order to control who can use sudo.

Use your brower to search the web for more info. You will find much discussion on the topic of sudo and setting up the sudoers file.

jpollard

02-24-2013 03:10 PM

The Linux LDAP client can be configured to use active directory.

Reference:

http://www.cyberciti.biz/tips/authen...directory.html

And there are a lot of options for distributed patch/update management - cfengine for one.

PTrenholme

02-24-2013 03:18 PM

Note that you can also set up as many different groups as you wish, and make each user a member of as many different groups as appropriate for that user.

Then, in the /etc/sudoers file, you can give each group access, at whichever level is needed, to the specific programs appropriate for members of that group. Directory and file access is done by setting the ACLs on the directories and files, not in sudoers, but the use of group membership to control access is conceptually similar.

You might also want to look at the Security Enhanced Linux system.

custangro

02-24-2013 03:23 PM

Quote:

Originally Posted by swaggerlee (Post 4898527)

Take a look at IPA - http://freeipa.org

btmiller

02-24-2013 04:29 PM

FreeIPA looks like a good solution, but for something a little more lightweight you can just use a regular OpenLDAP install (possibly combined with Kerberos if you really need single sign on). Through the ppolicy overlay, OpernLDAP can handle many different types of password policies as may be found for AD users. It also has nice replication capabilities for fault tolerance and redundancy.

swaggerlee

02-24-2013 10:30 PM

Quote:

Originally Posted by bigrigdriver (Post 4898779)

@ bigrigdriver but all my user are not using linux (fedora 14) as some of them are using linux some are using windows xp

my linux user are using in USER mode but xp user are in ADMIN mode i want all in one single central server controll by linux

swaggerlee

02-24-2013 10:54 PM

one more information i would like to share that i want this centrally managed server setup in ubuntu i.e. ubuntu server

EDDY1

02-24-2013 11:00 PM

Quote:

Once you get the server online their permissions will change, as you will be setting up permissions for the active users.

All times are GMT -5. The time now is 03:49 AM.