Would like to do on Linux what AD can do in Windows

twallstr · 10-29-2006, 01:40 AM

I am looking for software that can basically do what AD does in Windows. With that I mean authenticate users, distribute resources, and things like group polices.
I have seen several threads on interoperability between Windows and Linux but I am looking for a pure Linux solution.

Any tips are greatly appreciated.

Thanks
twallstr

Simon Bridge · 10-29-2006, 01:45 AM

What is wrong with OpenLDAP?

jschiwal · 10-29-2006, 01:46 AM

Active Directory is an implementation of LDAP. Look into using OpenLDAP. The first place to start may be in the Samba3 by Example book that is installed along with samba, or in the samba-docs package. There are examples using LDAP directories. Also, IBM has a redbook available on the web.
http://www.redbooks.ibm.com/pubs/pdf...s/sg244986.pdf
http://www.redbooks.ibm.com/pubs/pdf...s/sg245110.pdf

More howtos here:
http://yolinux.com/TUTORIALS/LDAP_Authentication.html

twallstr · 10-29-2006, 12:24 PM

Thank you both for your reply. It seems LDAP is the way to go. Is there any distribution that is more or less suited for this role?

/Twallstr

jschiwal · 10-30-2006, 07:36 PM

An enterprise version might have the configuration tools to make setting up LDAP easier. They may have a Samba/LDAP stack solution with PAM modules preconfigured. This is a guess on my part. I use OpenSuSE 10.1. In the session setup module of YaST2, you can opt to use LDAP for login authentication. I'm sure that other distro's have the same option.

The Samba book I mentioned has a link to some Samba/LDAP tools that might make migration to LDAP easier.

I'm not certain from your post whether you want to set this up from scratch or are migrating from a Windows AD network to a Linux/Samba/LDAP network. Do you want to end up with an all linux network. There may be a Microsoft server role that Samba doesn't support yet. If it is something that you have to have for your network, you may not be able to get rid of your AD server. The Samba 3 books will provide more information.

Good Luck!

mlsx · 11-05-2006, 10:17 AM

in fact ,just only use OpenLdap can not replace windows AD.
OpenLdap just stores user's information what your want.

the most benefit using AD is signin-onsite.so OpenLdap can not do it.

I have do some solution to replace window AD using Linux.
I use OpenLdap+Kerberos+System PAM authorization.

I write some tips about how to work.But it's chinese.
url is
http://mlsx.xplore.cn/read.php/30.htm

hope it's some helpful for you