[Novalug] Linux and Windows AD

Derek LaHousse dlahouss@mtu.edu
Mon Sep 23 22:03:49 EDT 2013


I think you're saying that instead of showing your uid by number, it
shows your name.  That's just because AD is tied into nss, probably as
if it were LDAP.  AD is basically LDAP with Kerberos, right?

I personally use Arthur de Jong's nss-pam-ldapd for my laptop's login
against my home LDAP, but at work with a CentOS system, it seems sssd is
the way.

On Tue, 2013-09-24 at 09:52 +1200, Mark Smith wrote:
> we use this sort of setup here.  we use likewise for everything.
> it's integrated with PAM for general purposes.  it is used for login,
> ssh, sudo, ls, web services, password changing, and some other things.
> i'm sure it's a nightmare for the admin's, but from my point of view
> it mostly just works.
> 
> i think the big surprise in that list is 'ls' for me.  there is no
> entry for login name in /etc/passwd.  when i do 'ls -l' it still shows
> my login name.
> 
> it seems to work okay with wireless devices (e.g. laptops) with the same
> caveats as AD.
> 
> good luck.
> 
> On Mon, Sep 23, 2013 at 12:49:16PM -0400, Nick Danger wrote:
> > The new plan for the IT Infrastructure is to use Windows AD as the be
> > all end all data/authentication/organization of things. Which means I
> > need to integrate the Linux infrastructure into using Windows. I have a
> > bunch of them doing AD authentication for logging in but I am sure this
> > was a not so great hacky way. There are lots of sites about how to get
> > auth working, and other various bits working, but the methods are all
> > over the place using various combinations of software. Its hard to get
> > an idea of "best practice" from that.
> > 
> > Anyone have books/sites/classes to recommend? I noticed there was an
> > official RedHat class but it looks like mostly "How to do with LDAP"
> > then a little but on windows ad. I could be wrong there, Im just going
> > by the quick description.
> > 
> > Any suggestions are welcome :-)
> 




More information about the Novalug mailing list