Integration AD with Linux Client

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I'm working on a Windows 2000 domain; at the same time I have 2 servers
running Slackware where I am running 2 monitoring applications, but those
applications are asking me for Windows credentials to start up the monitoring
services.

How may I authenticate my Linux box client against the Active Directory? I
mean I need to find a way for LDAP to validate my Linux client.

Thanks for any comments!!
 
Guest

In news:CDF8FFC4-EBAE-481C-B583-DD75D08551A7@microsoft.com,
Misaro <Misaro@discussions.microsoft.com> made this post, which I then
commented about below:
> I'm working on a Windows 2000 domain; at the same time I have 2 servers
> running Slackware where I am running 2 monitoring applications, but
> those applications are asking me for Windows credentials to start up
> the monitoring services.
>
> How may I authenticate my Linux box client against the Active
> Directory? I mean I need to find a way for LDAP to validate my Linux
> client.
>
> Thanks for any comments!!

As far as I can see, you would need to install SAMBA on it and bind it (sort
of like joining) to AD as an NTLM client. I'm not sure if Kerberos services
work with Linux, since I stopped playing around with it a few years ago, but
if they do, you can bind it to AD using Kerberos.

Here's some more specific info:

Linux.com Unite your Linux and Active Directory authentication:
http://enterprise.linux.com/article.pl?sid=04/12/09/2318244&tid=102&tid=101&tid=100

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
Guest

Yes, you can kerberize Linux and Unix clients. The issues tend to be in the dists
available for the *nixs though. Microsoft really hides the complexity of
Kerberos from users and admins.

The easiest way to accomplish Kerberos on Linux/Unix is to look at the products
from Centrify or Vintela. They have taken most of the difficulty out of it.


--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


 
Guest

In news:uF5RyGosFHA.1252@TK2MSFTNGP09.phx.gbl,
Joe Richards [MVP] <humorexpress@hotmail.com> made this post, which I then
commented about below:
> Yes, you can kerberize Linux and Unix clients. The issues tend to be
> in the dists available for the *nixs though. Microsoft really hides
> the complexity of Kerberos from users and admins.
>
> The easiest way to accomplish Kerberos on Linux/Unix is to look at
> the products from Centrify or Vintela. They have taken most of the
> difficulty out of it.

Cool. Thanks Joe. I didn't know those two existed.

I've previously kerberized a Mac OS X 10.3 Panther server to a client's AD.
That was an interesting project and I learned quite a bit. The utilities to do
that were built in between Apple (AD plugin) and native Kerberos
functionality in BSD. That was why I wasn't sure about Linux. There's
another post earlier with a similar question about OS X and AD, if you want
to jump in on it. I posted some relevant links for the poster.

Here's the Original Thread:
From: Eliot, Eliot@discussions.microsoft.com
Subject: Mac OSX Clients in AD server environment - anomalies
Date: Sun, 4 Sep 2005 18:14:02 -0700

Thanks Joe,

Ace
 
Guest

You get true SSO (don't have to enter a password a second time) if you use a
product that enables LDAP & Kerberos to bridge between Linux and Unix. If you
use an LDAP-only product then you authenticate to Active Directory but you
have to authenticate to AD every time you need to access something. So, you've
partially solved your problem. Vintela Authentication Services (VAS) provides
the true SSO between the environments.
--
Jackson Shaw
Quest Software

 
Guest

In news:FFD39001-38B5-47F2-B070-9766285C31A8@microsoft.com,
JacksonS <JacksonS@discussions.microsoft.com> made this post, which I then
commented about below:
> You get true SSO (don't have to enter a password a second time) if
> you use a product that enables LDAP & Kerberos to bridge between
> Linux and Unix. If you use an LDAP-only product then you authenticate
> to Active Directory but you have to authenticate to AD every time you
> need to access something. So, you've partially solved your problem.
> Vintela Authentication Services (VAS) provides the true SSO between
> the environments.

Thanks, Jackson. Good to know.

Ace
 
