    Authenticating Linux against AD

    IT Discussion
    Tags: ldap, active directory, linux, winbind, sssd
    • coliver

      Setting it up to authenticate is pretty easy. Ubuntu has an automated process and the CentOS one has a lot of guides available. The one thing I haven't been able to get working yet is setting up SUDO with AD.

      • scottalanmiller

        I've not used Linux against AD much, when I did it was with Centrify.

        • brianlittlejohn

          I've set up Centrify on my company laptop.

          • Kelly @coliver

            @coliver said:

            Setting it up to authenticate is pretty easy. Ubuntu has an automated process and the CentOS one has a lot of guides available. The one thing I haven't been able to get working yet is setting up SUDO with AD.

            This blog post appears to show how to get winbind to handle sudo in AD: https://mikrocentillion.wordpress.com/2013/06/05/centos-6-authenticate-and-sudo-active-directory-users/.

            • Kelly

              Centrify Express or the paid option?

              • brianlittlejohn

                I used Centrify Express I believe...

                Edit: it was Express, I didn't pay anything.

                • stacksofplates

                  This only works with Red Hat systems, but is one thing we will be doing in the future. Their Identity Management system will integrate with AD. IdM is set up as its own forest and you can have a trust between the two (pardon my Windows jargon if it's incorrect). You can then set up host and user based sudo permissions.

                  • Kelly @stacksofplates

                    @johnhooks said:

                    This only works with Red Hat systems, but is one thing we will be doing in the future. Their Identity Management system will integrate with AD. IdM is set up as its own forest and you can have a trust between the two (pardon my Windows jargon if it's incorrect). You can then set up host and user based sudo permissions.

                    Is that for RHEL only, or the derived distros too?

                    • stacksofplates @Kelly

                      @Kelly said:

                      @johnhooks said:

                      This only works with Red Hat systems, but is one thing we will be doing in the future. Their Identity Management system will integrate with AD. IdM is set up as its own forest and you can have a trust between the two (pardon my Windows jargon if it's incorrect). You can then set up host and user based sudo permissions.

                      Is that for RHEL only, or the derived distros too?

                      All RHEL based as far as I know. I've only tried RHEL, CentOS and Fedora though.

                      • Kelly @stacksofplates

                        @johnhooks said:

                        @Kelly said:

                        @johnhooks said:

                        This only works with Red Hat systems, but is one thing we will be doing in the future. Their Identity Management system will integrate with AD. IdM is set up as its own forest and you can have a trust between the two (pardon my Windows jargon if it's incorrect). You can then set up host and user based sudo permissions.

                        Is that for RHEL only, or the derived distros too?

                        All RHEL based as far as I know. I've only tried RHEL, CentOS and Fedora though.

                        Now I have an interesting quandary. Do I go with something more universally supported so the scientists that love Ubuntu can stay on it, or push for unification on CentOS...

                        Probably the former given internal culture.

                        • stacksofplates @Kelly

                          @Kelly said:

                          @johnhooks said:

                          @Kelly said:

                          @johnhooks said:

                          This only works with Red Hat systems, but is one thing we will be doing in the future. Their Identity Management system will integrate with AD. IdM is set up as its own forest and you can have a trust between the two (pardon my Windows jargon if it's incorrect). You can then set up host and user based sudo permissions.

                          Is that for RHEL only, or the derived distros too?

                          All RHEL based as far as I know. I've only tried RHEL, CentOS and Fedora though.

                          Now I have an interesting quandary. Do I go with something more universally supported so the scientists that love Ubuntu can stay on it, or push for unification on CentOS...

                          Probably the former given internal culture.

                          Ya we are an all Red Hat shop so it's easy for us.

                          I don't remember but Landscape might give you this ability for Ubuntu also.

                          • scottalanmiller @Kelly

                            @Kelly said:

                            Centrify Express or the paid option?

                            Paid. It was a large installation.

                            • stacksofplates

                              FWIW on RHEL systems with Cockpit installed, there is a button named Join Domain. What it does I don't know, but I'm guessing it's for this function. I never looked it up.

                              • scottalanmiller @stacksofplates

                                @johnhooks said:

                                FWIW on RHEL systems with Cockpit installed, there is a button named Join Domain. What it does I don't know, but I'm guessing it's for this function. I never looked it up.

                                Interesting, never noticed that it had a button like that. Have only demo'd it once so have not used Cockpit much, that would be a neat feature.

                                • stacksofplates @scottalanmiller

                                  @scottalanmiller said:

                                  @johnhooks said:

                                  FWIW on RHEL systems with Cockpit installed, there is a button named Join Domain. What it does I don't know, but I'm guessing it's for this function. I never looked it up.

                                  Interesting, never noticed that it had a button like that. Have only demo'd it once so have not used Cockpit much, that would be a neat feature.

                                  Just got in. Here's what comes up when you click it:

                                  [Image: cockpit.png]

                                  • DustinB3403 @stacksofplates

                                    @johnhooks So it works as expected (or at least it appears to).

                                    Did you join this system to your domain?

                                    • stacksofplates @DustinB3403

                                      @DustinB3403 said:

                                      @johnhooks So it works as expected (or at least it appears to).

                                      Did you join this system to your domain?

                                      No, I don't have anything to do with the domain stuff. This PC is also on a different network so I can't join it to our normal domain anyway.

                                      If I feel ambitious I'll try it at home.

                                      • Kelly

                                        I've also been looking at PowerBroker Identity Services from BeyondTrust. It is where Likewise ended up after a series of acquisitions. It looks like I'm going to have to be building a virtual network and trying some of this.

                                        Have any of you ever tried Zentyal (for the authentication portion, not the email)?

                                        • scottalanmiller

                                          No, keep meaning to look at Zentyal but never get around to it.

                                          • stacksofplates @Kelly

                                            @Kelly said:

                                            I've also been looking at PowerBroker Identity Services from BeyondTrust. It is where Likewise ended up after a series of acquisitions. It looks like I'm going to have to be building a virtual network and trying some of this.

                                            Have any of you ever tried Zentyal (for the authentication portion, not the email)?

                                            I did it one time with a Zentyal VM and an old Windows 7 laptop. All I did was join the domain, so other than saying yes it will join I have no idea what management and everything else is like.
