Integration AD with Linux Client

Guest

I'm working on a Windows 2000 domain; at the same time I have 2 servers
running Slackware where I am running 2 monitoring applications, but those
applications are asking me for Windows credentials to start up the monitoring
services.

How may I authenticate my Linux box client against the Active Directory? I
mean I need to find a way for LDAP to validate my Linux client.

Thanks for any comments!
 
Ace Fekay [MVP]

Misaro said:
I'm working on a Windows 2000 domain; at the same time I have 2 servers
running Slackware where I am running 2 monitoring applications, but
those applications are asking me for Windows credentials to start up
the monitoring services.

How may I authenticate my Linux box client against the Active
Directory? I mean I need to find a way for LDAP to validate my Linux
client.

Thanks for any comments!

As far as I can see, you would need to install SAMBA on it and bind it (sort
of like joining) to AD as an NTLM client. I'm not sure if Kerberos services
work with Linux, since I stopped playing around with it a few years ago, but
if they do, you can bind it to AD using Kerberos.

Here's some more specific info:

Linux.com Unite your Linux and Active Directory authentication:
http://enterprise.linux.com/article.pl?sid=04/12/09/2318244&tid=102&tid=101&tid=100

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
Joe Richards [MVP]

Yes, you can kerberize Linux and Unix clients. The issues tend to be in the dists
available for the *nixes though. Microsoft really hides the complexity of
Kerberos from users and admins.

The easiest way to accomplish Kerberos on Linux/Unix is to look at the products
from Centrify or Vintela. They have taken most of the difficulty out of it.
 
Ace Fekay [MVP]

Joe Richards said:
Yes, you can kerberize Linux and Unix clients. The issues tend to be
in the dists available for the *nixes though. Microsoft really hides
the complexity of Kerberos from users and admins.

The easiest way to accomplish Kerberos on Linux/Unix is to look at
the products from Centrify or Vintela. They have taken most of the
difficulty out of it.

Cool. Thanks Joe. I didn't know those two existed.

I've previously kerberized a Mac OSx 10.3 Panther server to a client's AD.
That was an interesting project and I learned quite a bit. The utilities to do
that were built in between Apple (AD plugin) and native Kerberos
functionality in BSD. That was why I wasn't sure about Linux. There's
another post earlier with a similar question about OSx and AD, if you want
to jump in on it. I posted some relevant links for the poster.

Here's the Original Thread:
From: Eliot, (e-mail address removed)
Subject: Mac OSX Clients in AD server environment - anomalies
Date: Sun, 4 Sep 2005 18:14:02 -0700

Thanks Joe,

Ace
 
Guest

You get true SSO (don't have to enter a password a second time) if you use a
product that enables LDAP & Kerberos to bridge between Linux and Unix. If you
use an LDAP only product then you authenticate to Active Directory but you
have to authenticate to AD every time you need to access something. So, you've
partially solved your problem. Vintela Authentication Services (VAS) provides
the true SSO between the environments.
 
Ace Fekay [MVP]

JacksonS said:
You get true SSO (don't have to enter a password a second time) if
you use a product that enables LDAP & Kerberos to bridge between
Linux and Unix. If you use an LDAP only product then you authenticate
to Active Directory but you have to authenticate to AD every time you
need to access something. So, you've partially solved your problem.
Vintela Authentication Services (VAS) provides the true SSO between
the environments.

Thanks, Jackson. Good to know.

Ace
 
