[wellylug] Active Directory authentication in Linux

Daniel Reurich daniel at centurion.net.nz
Tue Apr 15 20:50:24 NZST 2014


Hi,

I did something similar for a client a few years ago - migrating from samba3 
+ openldap to AD (server 2008r2 I think).  Used nss for unix uid/gid 
mapping and kerberos GSSAPI for providing authentication to web and mail 
services sitting on the remaining.  In this situation the Windows Server 
admin set up all new accounts and migrated data to that and we manually 
remapped user accounts to the new uid/gids.

I discounted using winbind because it added another point of complexity 
which wasn't required because in this case the file shares were moved 
from its old samba server on to windows servers.  Of course this was 
all done and dusted well before Samba4 was anywhere near production ready.

Regards,
	Daniel.
	


On 02/12/13 15:47, Franck wrote:
> Hi,
>
> This is funny you're talking about it because I'm inside all the way
> from head to toe.
> I'm currently working on migrating from NIS to AD and the major
> problem for us is to carry history over to AD.
> I don't really care about mounting CIFS users directories as this part
> is handled by something else (common shared space across NFS and CIFS on
> the NAS head of the SAN). But it is a requirement to hold all UID/GID,
> groups information and all the automap features in AD as well. And this
> is where it gets really dirty.
>
> It seems that it is quite simple if you want to start from scratch with
> AD, using some unix features but stock up automap and it's a mess.
>
> I tried the kerberos/winbind but it doesn't include UID/GID mapping or
> translation, I need ldap to get this kind of information.
>
> I'm trying to build a setup with kerberos/SSSD for authentication and
> LDAP for automaps, it is not simple nor straightforward to be honest
> but the good thing is AD is quite malleable in my case.
>
> Jason mentioned the RedHat guide to RHEL 6 integration with AD and they
> are a very good source of information.
>
> Best Regards.
> Franck
>
> On 19/11/13 21:21, Neil Ramsay wrote:
>> Hi guys,
>>
>> I am looking at how to integrate Active Directory authentication in
>> Linux.
>> Many years ago, I got Linux authenticating against Kerberos/LDAP with
>> great success, but it was a very manual process.
>>
>> Has anyone done Active Directory authentication in Linux at work, and
>> what approach did you take?
>>
>> Cheers,
>> Neil
>>
>>
>
>
>


-- 
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722


