[Novalug] Authenticating against Active Directory

Ken Kauffman kkauffman@headfog.com
Wed Jul 25 13:21:56 EDT 2007


Could you leverage LDAP for this integration and forgo all the AD direct
integrations?  Then you could just use the LDAP groups in Linux, which has
greater support.

Or am I off on this?

Ken

On Wed, July 25, 2007 13:04, Jeff Stoner wrote:
> On Wed, 25 Jul 2007, Ben Creitz wrote:
>
>> I am trying to get a feel for what to expect when I set up an RHEL
>> server to authenticate against Active Directory.  I basically want the
>> machine to allow logons from local (/etc/passwd) accounts as well as
>> accounts from a specific AD security group.  Is anybody doing this?
>> Any gotchas worth commenting on?  Thanks!
>
> We're finalizing the process and scripting most of the manual stuff. So
> far, group names, on the Linux-side, are problematic (for us - it may have
> been how the AD admin set up AD...I only look at the Linux part.)
>
> One of the problems for retro-fitting an existing infrastructure is
> UID/GID changes. Basically, we defined a range of UIDs and GIDs that are
> for AD accounts and another range that are local accounts (and, of course,
> a range for system accounts.) Migrating users may require a good ol' "find
> / -uid 500 -exec chown user {} \;" type of step (depending on how
> messy users and daemons are with their file trees.)
>
> I'm not on my VPN so I can't pull any config file examples right now.
>
> More to come.
>
> --Jeff
>
> "I am not available for comment"
>
>
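The find/chown migration step mentioned in the quoted message, written out as an added example that is not from the thread or from any poster's scripts. It goes a little beyond the one-liner by staying on one filesystem, handling symlinks, listing setuid/setgid files first, and refusing to merge into a UID that is already in use; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: move file ownership from an old local UID to a UID in the
# range reserved for AD accounts. Function names are hypothetical.

# is_uid VALUE: succeed only for a non-empty string of digits.
is_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# count_owned ROOT UID: number of paths under ROOT owned by UID.
# -xdev keeps find on one filesystem (skips /proc, /sys, NFS mounts);
# counting via -exec is safe for file names that contain newlines.
count_owned() {
    find "$1" -xdev -uid "$2" \
        -exec sh -c 'for f in "$@"; do printf x; done' sh {} + |
        wc -c | tr -d ' '
}

# list_special ROOT UID: setuid/setgid files owned by UID. On Linux, chown
# clears these bits, so record them first and restore deliberately afterwards.
list_special() {
    find "$1" -xdev -uid "$2" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# remap_uid ROOT OLD_UID NEW_UID: re-own everything OLD_UID owns under ROOT.
# Refuses to run if NEW_UID already owns files there, since the two sets
# of files could not be told apart afterwards.
remap_uid() {
    if ! is_uid "$2" || ! is_uid "$3"; then
        echo "remap_uid: UIDs must be numeric" >&2; return 1
    fi
    if [ "$(count_owned "$1" "$3")" -ne 0 ]; then
        echo "remap_uid: UID $3 already owns files under $1" >&2; return 1
    fi
    # -h changes a symlink itself instead of the file it points to;
    # "{} +" batches paths so chown is not started once per file.
    find "$1" -xdev -uid "$2" -exec chown -h "$3" {} +
}
```

Running count_owned and list_special before remap_uid gives a dry-run view of what the ownership change will touch.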