Re: Linux Active Directory Authentication

Michael Williams_6 · ‎09-12-2004

Hello people!

I have a very ambitious project to allow an Active Directory domain to authenticate logins to our Linux boxes, but I haven't got a clue where to start.

The howto's only appear to use the OpenLDAP server, which I don't want to use, I want to use my Active Directory server, so if anyone knows any howto's or have their own easy to follow documentation, I'd be more than grateful!!

TIA!

Mike

Hoefnix · ‎09-12-2004

Hi,

Check next 2 thread's, I think they will intrest you.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=54431

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=54489

HTH,
Peter Geluk

Alexander Chuzhoy · ‎09-13-2004

I don't know if it will work on your version of linux.
On Fedora for instance:
authconfig utility has an option to use winbind for authentication.
select it-then select all necessary settings
including join to domain (pretty simple).When you 'll try to login:
instead of simply enetring username-enter
domainname\username
where domainname is the Microsoft domain's name.

Michael Williams_6 · ‎09-13-2004

Hey thanks guys.

After spending most of the day on this, I'm not sure I am going to be able to get this to work how we need it to.

In short, we are trying to replace our NIS domain with AD Authentication. But the problem here is that it looks as though I can only get logins to work with DOMAIN\USER. Can I do something fancy with smbpasswd to allow us to map a short username and still log in?

Additionally, as it's replacing an already existing NIS domain, I need to be able to map UID and GID's to what they used to be, does anyone know if this is in fact possible?

Thanks for your help!!

Ragu_3 · ‎09-13-2004

> need to be able to map UID and GID's
> to what they used to be, does anyone
> know if this is in fact possible?

Yes, possible using winbind. Winbind is a service to reslove user and group info from Win NT servers. Do use the latest v3.0.7 packages of Samba and Winbind, you can get bacports of these. Reading the excellent tutorial of Terpstra which comes along with samba is a good help!

Debian GNU/Linux for the Enterprise! Ask HP ...

Steven E. Protter · ‎09-13-2004

This can be done with Samba 3.0.6.

The methodology was discussed to a degree at HP World.

I have yet to find a howto doc, but it can be done.

I'll try and dig up the presentation when I'm at work in the morning and can browse the pdf's from HP World.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Michael Williams_6 · ‎09-13-2004

Thanks guys, you've both said that it can be done, but I made two points:

Point 1: The user is in the form DOMAIN\USER
Point 2: The UID and GID isn't mappable

Ragu said that I can do Point 2 with winbind (I'm using that already, must look harder!).

What about Point 1? I *have* to have the old usernames working otherwise I'll have to make my own LDAP/NIS implementation from UNIX.

Thanks for your help guys!

Thomas Bianco · ‎09-14-2004

consider services for unix from microsoft. it's now free and allows NIS Passthrough for AD.

http://support.microsoft.com/default.aspx?scid=kb;en-us;324541

There have been Innumerable people who have helped me. Of course, I've managed to piss most of them off.

LanRx · ‎09-21-2004

It is most certainly possible. First thing that I would do, is I would focus on providing LDAP authentication for your UNIX devices. This can be done by leveraging the nss_ldap software by PADL. Active Directory does support LDAP calls, and for UNIX authentication, in my opinion, it's the best way to go. There are a couple of gotchas as far as some configuration in your LDAP.conf file, particularly if you are using SSL for your LDAP communication between your managed node and your domain controller.

If you would like further assistance, I'd be happy to provide it. I also have some howtos that seemed to get a pretty good response @ another site, available for a small fee @ https://www.lanrx.com/store/

LanRx · ‎09-21-2004

You also will be able to configure and match UID/GID to your existing numbers.

Emir Faisal · ‎09-21-2004

Go for it.

I just setup a samba-3.0.7 running on RH9.0. and it work very well. Now I can either telnet, ssh and cek smb shares using my ActiveDirectory login.

You don't have to worry about DOMAIN\Username since samba3x provide "winbind use default domain" parameter.

I even can manage security on shares on samba using windows explorer (with acl support).

gut lak.

Everything is possible, if you don't know what you're talking about.

LanRx · ‎09-26-2004

Here is my howto on how to perform Linux authentication against Active Directory. The howto was written using FC1 and Windows Server 2003.

http://www.lanrx.com/index.php?option=articles&Itemid=76&topid=0

Dsmith_1 · ‎02-05-2006

Check Out my blog. My next section which will be done later this month will be using Samba. I currently tell you how to do LDAP and LDAPS. Kerberos Pass-through is also a possiblity. Having issue with LDAP with kerberos via SASL with GSSAPI.

http://empsystech.com/tech_blog/category/technology/active-directory/linux-authentication/

Luis Valdez · ‎03-07-2006

use authconfig and put in your AD information.
works perfect.
/usr/bin/authconfig
RHEL AS3

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Linux Active Directory Authentication

Linux Active Directory Authentication