OT - AD Admin - WAS: Rudimentary article on joining Linux to active directory
Bryan O'Neal
BONeal at cornerstonehome.com
Thu Jul 26 17:22:08 MST 2007
Open AD Users and Computers, right click on the user, go to accounts,
click the Log Onto button and select the allowed computers.
Alternately you can restrict who can read and write to the computer in
the computers properties security tab, however this is very heavy handed
and restricts all access not just counsel level logins.
Alternately you can move the computer to another container, such as the
server container, and have a group policy that only certain people can
log into computers in that container (Google active directory managing
group policies, it gets tricky if you don't do it all the time) but
this is the preferred method
The KDC should not issue a certificate to a computer that it can not
access.
-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Dan
Lund
Sent: Wednesday, July 25, 2007 9:05 PM
To: Main PLUG discussion list
Subject: Re: Rudimentary article on joining Linux to active directory
You can do it under AD?
I didn't realize that... what's the proper way?
Forgive me, but it'd be nice to know this :)
On 7/25/07, Bryan O'Neal <BONeal at cornerstonehome.com> wrote:
> You restrict it using either the appropriate pam config, or two (the
way
> I do it) using windows active directory. I know, I am evil, I didn't
> even try it under Linux, I went right to the authenticating server and
> restricted it their using a nice windows gui that has worked for me
for
> so many years now... Sigh,
>
> Any one know a better answer?
>
>
>
> -----Original Message-----
> From: plug-discuss-bounces at lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of
Dan
> Lund
> Sent: Monday, July 23, 2007 9:07 AM
> To: Main PLUG discussion list
> Subject: Re: Rudimentary article on joining Linux to active directory
>
> Done this before, the one thing I want to know is how to make it so
only
>
> a certain group or user can log in via the AD login information.
>
>
> Bryan O'Neal wrote:
> >
> > This is clearly written from a windows users point of view, and is
> > mildly simplistic, but it is not a bad article
> >
> >
> >
> >
>
http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1264223,00.html?t
> rack=NL-118&ad=596213&asrc=EM_NLN_1822926&uid=6232170
> >
>
<http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1264223,00.html?
> track=NL-118&ad=596213&asrc=EM_NLN_1822926&uid=6232170>
> >
> >
> >
> >
> >
> > **Bryan O'Neal***
> > Cornerstone Homes & Development, Inc.*
> > 4220 E. McDowell Rd Ste. #108
> > Mesa, AZ 85215
> > (480) 505-1900
> >
> >
> >
> >
>
------------------------------------------------------------------------
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
"Courage is like love; it must have hope to nourish it."
-Napoleon Bonaparte
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list