
    Authenticating Linux against AD

    IT Discussion
    Tags: ldap, active directory, linux, winbind, sssd
    31 Posts 10 Posters 7.1k Views
      DustinB3403 @stacksofplates

      @johnhooks So it works as expected (or at least it appears to).

      Did you join this system to your domain?

        stacksofplates @DustinB3403

        @DustinB3403 said:

        @johnhooks So it works as expected (or at least it appears to).

        Did you join this system to your domain?

        No, I don't have anything to do with the domain stuff. This PC is also on a different network so I can't join it to our normal domain anyway.

        If I feel ambitious I'll try it at home.

          Kelly

          I've also been looking at PowerBroker Identity Services from BeyondTrust. It is where Likewise ended up after a series of acquisitions. It looks like I'm going to have to be building a virtual network and trying some of this.

          Have any of you ever tried Zentyal (for the authentication portion, not the email)?

            scottalanmiller

            No, keep meaning to look at Zentyal but never get around to it.

              stacksofplates @Kelly

              @Kelly said:

              I've also been looking at PowerBroker Identity Services from BeyondTrust. It is where Likewise ended up after a series of acquisitions. It looks like I'm going to have to be building a virtual network and trying some of this.

              Have any of you ever tried Zentyal (for the authentication portion, not the email)?

              I did it one time with a Zentyal VM and an old Windows 7 laptop. All I did was join the domain, so other than saying yes, it will join, I have no idea what management and everything else is like.

                Romo @Kelly

                @Kelly Zentyal uses Samba 4, so you basically end up with a compatible Active Directory domain controller. You would still need to use PBIS or sssd to authenticate your Linux machines to the domain controller. Centrify does not work with a Samba 4 domain controller, but as I mentioned before either PBIS or setting up sssd works OK.

                As for the management aspect of Zentyal, you can use the web interface to set most of the things you are used to when managing an AD DC except group policy settings. In order to also have group policy settings you can use RSAT and manage it exactly the same as a Windows AD DC.

                  PSX_Defector

                  @Kelly said:

                  I've also been looking at PowerBroker Identity Services from BeyondTrust. It is where Likewise ended up after a series of acquisitions. It looks like I'm going to have to be building a virtual network and trying some of this.

                  I've used this in multiple companies, from an airline in America to an oil exploration company.

                  Works like a champ, it's built on Winbind, but now has actual support versus calling RedHat and hoping for the best.

                    Kelly @PSX_Defector

                    @PSX_Defector said:

                    @Kelly said:

                    I've also been looking at PowerBroker Identity Services from BeyondTrust. It is where Likewise ended up after a series of acquisitions. It looks like I'm going to have to be building a virtual network and trying some of this.

                    I've used this in multiple companies, from an airline in America to an oil exploration company.

                    Works like a champ, it's built on Winbind, but now has actual support versus calling RedHat and hoping for the best.

                    Did you use PBIS Open or the paid version? The paid version is significantly more than I can afford at about $1,600 per server instance.

                      dafyre

                      Any particular reason winbind won't work? That is what we use here.

                        Kelly @dafyre

                        @dafyre said:

                        Any particular reason winbind won't work? That is what we use here.

                        Nope, I'm just trying to do due diligence and evaluate all the options and what we gain/lose from them. At this point Winbind is looking like a strong contender due to its ability to work with sudo, but I'd like to compare all the possibilities that are in my price range.

                          RamblingBiped

                          I use PBIS-Open fairly regularly and it works well. I mostly use it for my developer's workstations. I've got a tutorial for installing and configuring it on Ubuntu 14.04 as a How-To on Spiceworks.

                          If you run into any problems testing, let me know and I can probably point you in the right direction. It does allow adding AD users to the sudo group. The GIDs and UIDs are created dynamically and are really large compared to normal Linux user accounts. You can use the config tool to access the IDs that PBIS generates, and then reference those for any permissions/scripting. Usually the usernames and group names will work as well.

                          It caches credentials for offline use too.

                            RamblingBiped

                            Oh, and I never use the GUI tool; I always use domainjoin-cli. The one and only time I did try to use it (2-ish years ago) it was kinda buggy and didn't work for some reason.

                              PSX_Defector @Kelly

                              @Kelly said:

                              @PSX_Defector said:

                              @Kelly said:

                              I've also been looking at PowerBroker Identity Services from BeyondTrust. It is where Likewise ended up after a series of acquisitions. It looks like I'm going to have to be building a virtual network and trying some of this.

                              I've used this in multiple companies, from an airline in America to an oil exploration company.

                              Works like a champ, it's built on Winbind, but now has actual support versus calling RedHat and hoping for the best.

                              Did you use PBIS Open or the paid version? The paid version is significantly more than I can afford at about $1,600 per server instance.

                              This was back in the Likewise days. So free.99.
