 | | RE: best authentication solution for Linux in an Active
Directoryenvironment? | RE: best authentication solution for Linux in an Active
Directoryenvironment? 2004-11-12 - By Frank, Ryan
Back
Yes it does... Gives a new tab with the Unix side options (Group, home, etc..). Very nice...
--
-Ryan
Allvac
Monroe, NC
(704) 282-1586
-- --Original Message-- --
From: taroon-list-bounces@(protected)
[mailto:taroon-list-bounces@(protected)]On Behalf Of Rafael Ferreira
Sent: Thursday, November 11, 2004 7:09 PM
To: Discussion of Red Hat Enterprise Linux 3 (Taroon)
Subject: RE: best authentication solution for Linux in an Active
Directoryenvironment?
Does that require AD schema changes?
-- --Original Message-- --
From: taroon-list-bounces@(protected) [mailto:taroon-list-bounces@(protected)]
On Behalf Of Frank, Ryan
Sent: Thursday, November 11, 2004 4:36 PM
To: Discussion of Red Hat Enterprise Linux 3 (Taroon)
Cc: Wess Neatherlin
Subject: RE: best authentication solution for Linux in an Active Directory
environment?
Check out www.vintela.com we are using them, great plugins!
--
-Ryan
Allvac
Monroe, NC
(704) 282-1586
-- --Original Message-- --
From: taroon-list-bounces@(protected)
[mailto:taroon-list-bounces@(protected)]On Behalf Of Rafael Ferreira
Sent: Thursday, November 11, 2004 12:36 PM
To: taroon-list@(protected)
Cc: Wess Neatherlin
Subject: best authentication solution for Linux in an Active Directory
environment?
Hey guys and few gals,
It has been a while since I last had to do something list this but I need to
integrate authentication between a bunch of linux servers (50) and our
Active Directory environment. Last time I did this - long time ago - we just
used pam_smb and samba would create a new local user every time a new user
got authenticated. I think there are better way out there nowadays. Here 's
what I 've looked into:
* Pam_ldap - this is by far the cleanest solution but it would require
Windows Services for Unix on the AD servers which I looks like a scary thing
to do and I 'm not ready to jump on (Let 's just say my AD structure is VERY
large and moody)
* Kerberos - This would work but would still not give a user a GID/UID
(as far as I know)
* Samba3 - Now this is a tricky one, it works really well but I would
be over kill for my web servers (a bunch of old beat up servers)
The solution I 'm coming up with right now would use NIS on the web servers
and winbind/Samba3 on the back end servers and would keep NIS in since with
the winbind users, but this is turning out to look very complex, and I just
keep thinking to myself that there 's got to be a better way out there.
If anyone has any ideas/comments out there, let 's hear it!
Btw, here 's what I 'm interested in:
* Single authentication with no changes to the AD infrastructure
* Not care much about UID 's being consistent across boxes.
* A single GID would be nice to allow rights to be given to the
"Operations " team
- raf
Rafael Ferreira
Senior Unix Administrator
University of Phoenix Online
rafael.ferreira@(protected)
(480) 557 1730
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
|
|
|