LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-30-2006, 11:43 PM   #1
mambley
LQ Newbie
 
Registered: Jan 2006
Posts: 11

Rep: Reputation: 0
Easy LDAP connection from a Red Hat 4 Enterprise WS to a Windows 2003 AD


Hello Guys,

We have a Windows 2003 Active Directory and a bunch of Linux Servers with separated usernames and passwords on every server.

I've been asked to integrate the authentication for both platforms but if it is possible just having LDAP clients and not LDAP servers on the Linux side. Is it possible?? What would be the easiest way to do it? anybody has good documentation that talks about this kind of environments? is is possible use the authentication option on the Red Hat WS? if yes please let me know how.

Sorry for all the questions, that's the problem of being a NEWBIE. Thanks in advance and Have a HAPPY NEW YEAR!!

Raul
 
Old 12-31-2006, 03:57 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
yss it's absolutely possible. on redhat, you can directly configure the basics on the system-config-authentication tool, but to fine tune things you'll be checking /etc/ldap.conf to actually establish the connection to the AD interface. one very ueful thing you may want to explore sooner rather than later is the MS SFU (services for unix) AD addon which goes some way to making AD ldap compliant, as by default there is no formal place to store things like unix home directory, login shell etc... adding these onto ad will make things much simpler on the client side. one very important point of demarcation to use is the getent tool. the way that you actually login to a box, amongst other things is lookup details on an abstracted user list the system provides to the login program etc... you can see this list by running "getent passwd", and it'll look very similar, well identical by default, to /etc/passwd itself. you need to first get to a stage where when you run "getent passwd", "getent shadow" and "getent group" you'll get the standard contents of /etc/passwd, /etc/shadow and /etc/group appended with the relevant AD account details too. once you have got this far then you should be able to log in fine, but note in *my* experience there is really NO way to debug what's going on looking up these records, so if you only get the local text file details spewed back at you, somethign somewhere isn't right...... also make sure you're comfortable with the ldapsearch tool before any of this at all and can comfortable query AD without and client side integration at all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Red Hat to launch Red Hat Enterprise Linux 5 before March LXer Syndicated Linux News 0 12-30-2006 08:03 AM
Project made in Red Hat Enterprise 4 need to be able to run on Red Hat Enterprise 3 Elin Linux - Software 1 07-13-2006 12:22 PM
Project on Red Hat Enterprise 4 run on Enterprise 3? Elin Linux - Newbie 1 07-12-2006 04:03 AM
Red Hat Linux 9 + Windows Server 2003 + Windows XP + Fedora in same domain wolfy339 Linux - Networking 5 03-02-2005 06:03 AM
redhat as 3.0 and windows 2003 ldap xn85turbo Linux - General 3 12-05-2004 03:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration