# Identity Management with Active Directory

What is the most effective, or most reliable, way to manage my Unix/Linux user accounts with Active Directory? Or is this even feasible?

2019-05-05 11:59:33
It's quite feasible, and already done.

As someone has already stated, Likewise will give you direct integration. However ...

If you want to get started, you can also install winbind from the Samba project, which would give you the same experience. Using winbind, your machine becomes a domain member ... and user accounts in Active Directory can be transparently mapped and assigned UID/GID settings.

2019-05-09 00:21:02
I have several hundred RHEL3, 4 and 5 boxes running with Active Directory based user accounts. All of them run the same configuration, using nss_ldap and pam_krb5. It works wonderfully, it is supported by all commercial Linux vendors under the standard support option, because it uses out-of-the-box tools, and it is reliable. In the end, AD is just Kerberos and LDAP, and to vendors those are standard, easily supportable protocols.

I have yet to run into a problem with this way of using AD that I can't solve. Scott Lowe's documentation here helped me quite a bit when initially designing our solution. It's not perfect, but it'll help you get underway. Scott's idea is to create a bind account for LDAP, which I'm not that keen on. A machine that is joined to AD can do LDAP queries with its own credentials, which is a lot saner, if you ask me.

Depending on your requirements, you might want to take a step back and consider whether you need a supported solution or not. Because nice as Likewise may be, it is rather pricey. Using the tools that come with every Linux distro by default, and are thus supported, might be a little bit more complicated (but that shouldn't scare a good Linux admin) but is just as good (or maybe better, depending on your requirements).

I can write up a bit more detail about how I did this, but I don't have time for that right now. Would that be helpful?

2019-05-09 00:17:06
Not specifically AD, but I got a great answer to a similar question over here:

2019-05-08 23:32:44
2019-05-08 18:49:38
I very very very (very) much recommend using Likewise Open to do this. Every time I talk about them, I feel like a paid shill, but I'm not. It's just really that good.

Basically, you install the software (painless, there's an RPM and DEB installer), run "domainjoin-cli domain.com adminuser", type the password for "adminuser", and then your machine is part of the AD domain.

The one thing that I do change is in the configuration: I turn on the assume default domain setting, because I don't want my users to have to type their domain every time they connect to the machine.

The benefits are huge. When you log in with AD credentials, your UID and GIDs are assigned based on a hash, which means that they're the same across the whole infrastructure. This means that things like NFS work. In addition, it's simple to get things like Samba and Apache to authenticate, since Likewise configures PAM.

Thanks to Likewise Open, there is not a single network-based service that I offer that isn't authenticated against AD.

2019-05-08 14:40:00
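
The property described in the Likewise answer above (an ID derived from a hash is the same on every machine, so NFS ownership lines up), as an added example that is not part of the original thread and is not Likewise's actual algorithm. The SHA-256 mapping, the ID range and the sample SIDs are assumptions constructed for illustration; the collision check matters because two accounts sharing one UID cannot be told apart in file ownership.

```python
import hashlib
import struct

# Assumed ID range reserved for directory accounts (hypothetical values).
ID_MIN = 100_000
ID_MAX = 2_000_000_000


def sid_to_id(sid: str, id_min: int = ID_MIN, id_max: int = ID_MAX) -> int:
    """Map a SID string to a stable numeric ID inside [id_min, id_max].

    No per-host state is used, so every machine computes the same ID.
    """
    sid = sid.strip().upper()
    if not sid.startswith("S-1-"):
        raise ValueError(f"not a SID: {sid!r}")
    if id_min > id_max:
        raise ValueError("empty ID range")
    digest = hashlib.sha256(sid.encode("ascii")).digest()
    value = struct.unpack(">Q", digest[:8])[0]  # first 64 bits of the hash
    return id_min + value % (id_max - id_min + 1)


def find_collisions(sids, id_min=ID_MIN, id_max=ID_MAX):
    """Return {id: [sids]} for every ID claimed by more than one SID."""
    seen = {}
    for sid in sids:
        seen.setdefault(sid_to_id(sid, id_min, id_max), []).append(sid)
    return {i: owners for i, owners in seen.items() if len(owners) > 1}


# Constructed sample SIDs (not from any real domain).
SAMPLE_SIDS = [
    "S-1-5-21-1111111111-2222222222-3333333333-1104",
    "S-1-5-21-1111111111-2222222222-3333333333-1105",
    "S-1-5-21-1111111111-2222222222-3333333333-513",
]

if __name__ == "__main__":
    for sid in SAMPLE_SIDS:
        print(sid, "->", sid_to_id(sid))
    # A narrow range makes collisions likely; audit before rollout.
    print("collisions:", find_collisions(SAMPLE_SIDS))
```
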
PAM LDAP against Active Directory should work fine.

2019-05-08 06:59:35
