2

I've got a network set up in the house with a Windows 2003 DC, a Windows 7 Workstation and a host of VMs doing various tasks running either XP Pro, Ubuntu or FreeBSD. Ideally I would love to have domain credentials work across all machines so that I could more easily manage identities, passwords etc.

Is there a good way to implement non-Windows clients on a Windows domain?

kdmurray

4 Answers

5

I have found Likewise Open works well and is easy to install.

Kyle Brandt
  • That looks like a great option. I'll give it a go this weekend! – kdmurray May 27 '09 at 02:01
  • Report back how you like it. I seem to recall trying this, but not getting too far. – Brent May 27 '09 at 02:34
  • If you want to have a Windows network with some Unix hosts it's a pretty good choice, but if you want to have full Unix support then there are other problems such as that the UIDs/GIDs won't match between any Unix users you have (say in LDAP) and the Unix emulation layer which Likewise Open provides on top of AD, unless you explicitly set the UIDs in LDAP to be the same as the numbers Likewise produces for you. – David Gardner Aug 22 '12 at 09:48
  • 2
    Likewise seems to have changed names and owners more than once. The link is dead now. – mhvelplund Nov 13 '19 at 06:15
  • 1
    It's dead, the software has disappeared – rfmoz Sep 19 '20 at 08:56
5

Linux has PAM. This is great for setting up all kinds of fun, unusual authentication. In your case, you want something like LDAP/Kerberos, where the Win2k3 DC serves as the source. Check out this doc on how to configure PAM to authenticate using winbind.

jldugger
1

The tool you want is winbind, which comes with Samba. You can use this to register a machine on a Windows domain. Password authentication against the domain can be done with pam_winbind. If your users have home directories on a win2kx server you can use SFU (Services for Unix) to export them via NFS off the server or mount the directory via Samba.

A description of this can be found in the Winbind HOWTO on the Samba web site.
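A minimal sketch of the winbind and pam_winbind setup described in the answer above, added here as an illustration and not taken from the answer or from the Samba HOWTO. The domain `EXAMPLE` / `EXAMPLE.LOCAL`, the group `linux-admins`, the ID ranges and the file paths are placeholders, and the `idmap config` syntax assumes Samba 3.0.25 or later.

```ini
# ---- /etc/samba/smb.conf ----
# smb.conf has no trailing comments, so every comment is on its own line.
[global]
    # Placeholder NetBIOS domain name and Kerberos realm.
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL
    # Act as an Active Directory member server and authenticate with Kerberos.
    security = ads
    # Fallback mapping for BUILTIN and any domain not listed explicitly.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    # rid derives each UID/GID from the account's RID, so every member host
    # using this same range computes the same number for the same account.
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999
    # Let users log in as "alice" rather than "EXAMPLE\alice".
    winbind use default domain = yes
    template shell = /bin/bash
    template homedir = /home/%U
    # Logins do not need full enumeration of domain users and groups.
    winbind enum users = no
    winbind enum groups = no

# ---- /etc/nsswitch.conf (changed lines only) ----
passwd: files winbind
group:  files winbind

# ---- /etc/pam.d/sshd (lines added to the existing stack; layout varies by distribution) ----
# Only members of the placeholder AD group may authenticate through winbind,
# so a valid domain password alone does not grant a shell on this host.
auth     sufficient  pam_winbind.so krb5_auth require_membership_of=EXAMPLE\linux-admins
# user_unknown=ignore lets local accounts such as root fall through to pam_unix.
account  [default=bad success=ok user_unknown=ignore]  pam_winbind.so
# Create the home directory on first login with owner-only permissions.
session  optional    pam_mkhomedir.so umask=0077

# ---- Join and verify (run as root after writing smb.conf) ----
#   net ads join -U Administrator
#   wbinfo -t               checks the machine account's trust secret
#   getent passwd alice     confirms NSS resolves a domain user ("alice" is a placeholder)
```

Keep a working local root login open while editing the PAM stack, and confirm that a domain user outside the group is refused before relying on the restriction.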

0

I have managed to let only one AD_USER or AD_GROUP log in to the Linux box over SSH via AD authentication.

The details are listed here (pay attention to steps 7 and 8):

https://gist.githubusercontent.com/xianlin/8c09d916994dac7630b9/raw/ee07817a03bc5904a5404a7e7c94e08ea0c7560a/CentOS_AD_Integration

Xianlin