[Novalug] Linux Active Directory Authentication w/Centrify Express. Any gotchas?

Brander Snaxe brandon20va@yahoo.com
Thu Jul 7 12:49:12 EDT 2011


Likewise seems a decent choice considering it is open source.

I'll try that. Thanks.


----- Original Message -----
From: Jason Kohles <jkohles@palantir.com>
To: Brander Snaxe <brandon20va@yahoo.com>; Matt Ahrens <matt.ahrens@gmail.com>
Cc: novalug mailing list <novalug@calypso.tux.org>
Sent: Thursday, July 7, 2011 11:02 AM
Subject: Re: [Novalug] Linux Active Directory Authentication w/Centrify Express. Any gotchas?

If your AD servers are Windows Server 2003 or newer then the schema
elements you need are already included, so you don't have to change
anything...

Likewise Open is another option that is pretty quick and easy to get
going...

-- 
Jason Kohles
Palantir Technologies | UNIX Systems Engineer
jkohles@palantir.com  | 703.957.5784







On 7/7/11 10:59 AM, "Brander Snaxe" <brandon20va@yahoo.com> wrote:

I'm open to either. I just want something that can be implemented quickly,
simple to document, and easy to replicate across multiple Linuxes.

One HOWTO mentioned changing the AD schema itself, and I felt that to be
slightly invasive and not necessarily simple.


----- Original Message -----
From: Matt Ahrens <matt.ahrens@gmail.com>
To: Brander Snaxe <brandon20va@yahoo.com>
Cc: novalug mailing list <novalug@calypso.tux.org>
Sent: Thursday, July 7, 2011 9:52 AM
Subject: Re: [Novalug] Linux Active Directory Authentication w/Centrify
Express. Any gotchas?

Do you want an open source solution, or a supported solution?

Centrify is essentially a nice management wrapper around Windows
Services for Unix and Kerberos/sudo.  You can do all of the functions
Centrify does by implementing MS/Windows services for unix and PAM's
kerberos plugin, but you won't get the reporting framework that
Centrify includes.

One cool thing you'll receive by implementing Kerberos authentication
is that users can ride their windows sessions with modified putty
binaries and not enter a password to login.  The underlying OS will
pass a kerberos ticket for authentication, and this works on OSX and
Windows to the best of my knowledge.

Matt

On Thu, Jul 7, 2011 at 9:46 AM, Brander Snaxe <brandon20va@yahoo.com>
wrote:
> I run a mixed environment with Linux and Windows servers. We rely
>heavily on Active Directory for our Windows machines. I'd like to
>centralize authentication on my Linux servers (only a handful at the
>moment) to use AD as well. I've read some HOWTOs on the web and it seems
>this isn't straightforward. I also run different versions of Linux
>depending on the need (Ubuntu, CentOS mainly).
>
> I see that Centrify offers a free solution that provides centralized
>authentication. Has anybody used this? Are there any issues? Are there
>better solutions?
>
> Thanks,
>   Brandon
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
>

_______________________________________________
Novalug mailing list
Novalug@calypso.tux.org
http://calypso.tux.org/mailman/listinfo/novalug



More information about the Novalug mailing list