AD Auth (was Re: Windows 8 demo video parody)

Michael Butash michael at butash.net
Tue Jan 1 15:41:37 MST 2013


On 12/31/2012 04:21 PM, Lisa Kachold wrote:
> Lee Reynolds:
>
>     True, but getting a Linux system to work with AD in terms of
>     allowing users to log in using AD authentication, use their home
>     directories, etc, etc, is tricky.
>
>
> REALLY?  I will have to clue in the 4 companies I have implemented this
> for over the last 6 years?
> Run a quick google and you will see how easy it really is.
>
>

Just out of curiosity, what do you all use for AD auth/integration (or
if you bother)?  I know setting up Kerberos, Samba, etc manually works,
but I'd always found it somewhat of a pain until likewise-open became
mainstream packaged.  It's one command to trust it to the domain, and I
simply add admin groups as sudoers.  Can get way more granular with RBAC
from there, but most times I don't end up needing to bother.

sudo apt-get install likewise-open
sudo domainjoin-cli join --ou assets/phx1/svr/lin ad.corpdomain.com username

## visudo and add ad groups

## likewise ad groups
%DOMAIN\\it-lin-manager1 ALL=(ALL) ALL

## done!

I've worked in a company that uses Centrify for the same thing (Cisco
OEMs it in their Linux appliances when AD integration is needed too),
but seems way more functional than the biz used in my experience
(AD logins, uid/gid enumerations), and it supported unixes they had here
and there too.  Likewise enterprise looks awesome, extending the LDAP
schema in AD to manage Linux boxen with GPOs, but the cost is
prohibitive enough for me to even bother testing in my lab (home) to
recommend to anyone.  Sadly no keygens floating around for either to
even play with them, so rather hard to recommend one over another (or
upsell from free version) for a big spend.  Their loss, I don't buy
before I try, and I'm not keen on crippled or time-locked demos.

Sysadmin is more of a personal interest, and I usually don't consult
directly for systems vs network/security that is my staple, so people
don't usually ask me outside of casual chat.  However, anytime I do
deploy customer Linux systems these days, extensible admin ability
is essential, so I'm curious what other practical solutions folks use
and like here for the role.

-mb
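
As an added example (not part of the original post): a small audit that lists which domain-qualified groups hold sudo rights in sudoers-format text and whether the grant is unrestricted, as with the `ALL=(ALL) ALL` line in the message above. The sample input is constructed; the `web-ops` and `dba` group names are hypothetical, and the parser assumes one rule per line with no aliases or line continuations.

```shell
#!/bin/sh
# Added example: report sudo grants held by domain-qualified groups.
# Assumes one rule per line, no aliases, no line continuations.

# Reads sudoers-format text on stdin and prints one line per matching rule:
#   <group> FULL|LIMITED [NOPASSWD]
audit_ad_sudoers() {
    awk '
        $1 ~ /^#/ { next }                     # skip comment lines
        $1 ~ /^%.*\\/ {                        # %GROUP containing a backslash
            rest = ""
            for (i = 2; i <= NF; i++) rest = (i == 2) ? $i : rest " " $i
            nopass = (rest ~ /NOPASSWD:/)
            sub(/^[^=]*=[ ]*/, "", rest)       # drop the host list
            sub(/^\([^)]*\)[ ]*/, "", rest)    # drop the optional (runas) spec
            while (sub(/^[A-Z_]+:[ ]*/, "", rest)) { }   # drop tags
            scope = (rest == "ALL") ? "FULL" : "LIMITED"
            printf "%s %s%s\n", $1, scope, (nopass ? " NOPASSWD" : "")
        }
    '
}

# Constructed sample input, not taken from a real host.
SAMPLE=$(cat <<'EOF'
# local entries
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL

## likewise ad groups
%DOMAIN\\it-lin-manager1 ALL=(ALL) ALL
%DOMAIN\\web-ops ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
%DOMAIN\\dba ALL=(ALL) NOPASSWD: ALL
EOF
)

printf '%s\n' "$SAMPLE" | audit_ad_sudoers
```

On a host, feed it the combined contents of /etc/sudoers and /etc/sudoers.d/ read as root instead of the sample.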

