[wellylug] Active Directory authentication in Linux
david.antliff at gmail.com
Wed Nov 20 09:17:57 NZDT 2013
I've worked on sites that used winbind, Centrify and Likewise. Of all of
those, I think Centrify worked most reliably. Winbind was unreliable.
Likewise seemed promising for a time.
On Wed, Nov 20, 2013 at 7:20 AM, David Anso <david at anso.net.nz> wrote:
> I have a large customer who uses winbind for their A/D integration. I've
> seen winbind die and the need for a local account to login and restart it
> (on a few occasions). That said you are likely to have this sort of problem
> occasionally with any large install base.
> Looks like the how to for winbind magic is here:
> In our office we use the centrify client (the free one) on Mac and Linux
> against the latest A/D (built fresh on 2012 servers). It seems to work
> quite well.
> Previously we were running the pam-ldap packages against our two Mac
> directory servers. This worked, but it felt like you had to really think
> out what you wanted to end up with carefully so as to not have to revisit
> every machine and reconfigure over and over again.
> In fairness I haven't done much of the hands on work with any of the three
> but I would be inclined to evaluate them in the order of Centrify,
> Winbind and then native Pam-ldap if I did have to do something for myself.
> The reason I leave Pam-ldap to last is because A/D is more than just LDAP.
> You can potentially enforce more of you A/D policy if you integrate with it
> in a way that seems more "Native" to it.
> On Tuesday, November 19, 2013, Neil Ramsay wrote:
>> Hi guys,
>> I am looking at how to integrate Active Directory authentication in Linux.
>> Many years ago, I got Linux authenticating against Kerberos/LDAP with
>> great success, but it was a very manual process.
>> Has anyone done Active Directory authentication in Linux at work, and
>> what approach did you take?
>> Wellington Linux Users Group Mailing List: wellylug at lists.wellylug.org.nz
>> To Leave: http://lists.wellylug.org.nz/mailman/listinfo/wellylug
> Wellington Linux Users Group Mailing List: wellylug at lists.wellylug.org.nz
> To Leave: http://lists.wellylug.org.nz/mailman/listinfo/wellylug
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the wellylug