[wellylug] Active Directory authentication in Linux

David Antliff david.antliff at gmail.com
Wed Nov 20 09:17:57 NZDT 2013


I've worked on sites that used winbind, Centrify and Likewise. Of all of
those, I think Centrify worked most reliably. Winbind was unreliable.

http://www.centrify.com/downloads/public/comparing-centrify-versus-likewise-open-and-windbind.pdf

Likewise seemed promising for a time.

-- David.



On Wed, Nov 20, 2013 at 7:20 AM, David Anso <david at anso.net.nz> wrote:

> I have a large customer who uses winbind for their A/D integration. I've
> seen winbind die and the need for a local account to log in and restart it
> (on a few occasions). That said, you are likely to have this sort of problem
> occasionally with any large install base.
>
> Looks like the how-to for winbind magic is here:
> http://wiki.samba.org/index.php/Samba_%26_Active_Directory
>
> In our office we use the centrify client (the free one) on Mac and Linux
> against the latest A/D (built fresh on 2012 servers). It seems to work
> quite well.
>
>
> http://www.centrify.com/express/free-active-directory-tools-for-linux-mac.asp
>
> Previously we were running the pam-ldap packages against our two Mac
> directory servers. This worked, but it felt like you had to really think
> out what you wanted to end up with carefully so as to not have to revisit
> every machine and reconfigure over and over again.
>
> In fairness I haven't done much of the hands-on work with any of the three
> but I would be inclined to evaluate them in the order of Centrify,
> Winbind and then native Pam-ldap if I did have to do something for myself.
>
> The reason I leave Pam-ldap to last is because A/D is more than just LDAP.
> You can potentially enforce more of your A/D policy if you integrate with it
> in a way that seems more "Native" to it.
>
>
> Cheers
> David
>
>
>
> On Tuesday, November 19, 2013, Neil Ramsay wrote:
>
>> Hi guys,
>>
>> I am looking at how to integrate Active Directory authentication in Linux.
>> Many years ago, I got Linux authenticating against Kerberos/LDAP with
>> great success, but it was a very manual process.
>>
>> Has anyone done Active Directory authentication in Linux at work, and
>> what approach did you take?
>>
>> Cheers,
>> Neil
>>
>>
>> --
>> Wellington Linux Users Group Mailing List: wellylug at lists.wellylug.org.nz
>> To Leave:  http://lists.wellylug.org.nz/mailman/listinfo/wellylug
>>