best authentication solution for Linux in an Active Directory environment?
2004-11-11 - By Rafael Ferreira
Hey guys and few gals,
It has been a while since I last had to do something like this but I need to
integrate authentication between a bunch of Linux servers (50) and our
Active Directory environment. Last time I did this - long time ago - we just
used pam_smb and samba would create a new local user every time a new user
got authenticated. I think there are better ways out there nowadays. Here's
what I've looked into:
* Pam_ldap - this is by far the cleanest solution but it would require
Windows Services for Unix on the AD servers which looks like a scary thing
to do and I'm not ready to jump on (Let's just say my AD structure is VERY
large and moody)
* Kerberos - This would work but would still not give a user a GID/UID
(as far as I know)
* Samba3 - Now this is a tricky one, it works really well but it would
be overkill for my web servers (a bunch of old beat up servers)
The solution I'm coming up with right now would use NIS on the web servers
and winbind/Samba3 on the back end servers and would keep NIS in sync with
the winbind users, but this is turning out to look very complex, and I just
keep thinking to myself that there's got to be a better way out there.
If anyone has any ideas/comments out there, let's hear it!
Btw, here's what I'm interested in:
* Single authentication with no changes to the AD infrastructure
* Not care much about UID's being consistent across boxes.
* A single GID would be nice to allow rights to be given to the
"Operations" team
- raf
Rafael Ferreira
Senior Unix Administrator
University of Phoenix Online
rafael.ferreira@(protected)
(480) 557 1730
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list