  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 377

How to authenticate Windows login from Linux

I have a Linux webserver in an SBS 2008 domain. When users connect to the server, I want to verify their identity by having them log in.

Is there some "function" rcp, ... whatever I can call/run on the Linux side, passing the user's Windows ID and password, that will return a simple YES/NO?

The idea here is that I want to verify the user without having to use a separate ID and password for the user to remember.
0
jmarkfoley
Asked:
1 Solution
 
wesly_chen Commented:
0
 
Cliff Galiher Commented:
You mentioned that this is a web server so I am unclear whether you want single sign on for shell access (telnet/ssh) or authenticated web access.

For the former, you can configure a PAM module to perform LDAP authentication against active directory.

The latter will be specific to the web server you are using, but again will rely on configuring LDAP and/or Kerberos authentication. Apache, for example, has a module that can do this; the specifics of configuring that price is in tge module documentation.

One final consideration is if the server is going to be Internet accessible. If so, you'll want to configure some intrusion prevention methods (IP blocking on x number of failed logins, etc) to mitigate brute-force harvesting...and setting up a DMZ is also a good idea.

-Cliff

0
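
As an added illustration of the web-server route described in the answer above (not part of the original thread): a minimal Apache 2.4 configuration that checks a user's domain ID and password against Active Directory over LDAPS with mod_authnz_ldap. That this is the module meant is an assumption, and the host name, DNs, CA file, URL path and helper script path are placeholders.

```apache
# Requires mod_ldap, mod_authnz_ldap and mod_ssl to be loaded.

# Server-level settings (outside any <VirtualHost>):
# trust the CA that issued the domain controller's LDAPS certificate
# and refuse to talk to a server whose certificate does not verify.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ad-ca.pem
LDAPVerifyServerCert On

# Pages reserved for users with an account in the Windows domain.
<Location "/staff">
    # Basic auth sends the password on every request: refuse plain HTTP.
    SSLRequireSSL

    AuthType Basic
    AuthName "Domain account"
    AuthBasicProvider ldap

    # Search the directory for the login name (sAMAccountName), then
    # bind as the entry found using the password the user typed.
    # A successful bind is the "YES"; anything else is a 401.
    AuthLDAPURL "ldaps://dc01.example.local:636/DC=example,DC=local?sAMAccountName?sub?(objectClass=user)"

    # Low-privilege account used only for the search step.
    AuthLDAPBindDN "CN=svc-apache,CN=Users,DC=example,DC=local"
    # exec: reads the password from a program's output, so it does not
    # sit in a world-readable config file (placeholder script path).
    AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-pw"

    # Any user who authenticates against the domain is allowed in.
    Require valid-user
</Location>
```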
 
jmarkfoley Author Commented:
Sorry for the delay in response -- lots of fires to put out.

wesly_chen - I've been looking at the links you sent. Lots of good info and things to try. Experimenting could take some time, so I might close this question and play around on a virgin machine, then come back.

cgaliher - The idea is to authenticate only users who have accounts on the in-office Windows domain. These users will be able to access special pages. Once authenticated, I don't need to worry about access to the domain hosts using their authenticated accounts, so no ssh or anything like that. It is simply for verifying their domain ID and PW. Given that, do you concur with wesly_chen about use of Kerberos? What do you mean "Apache ... has a module that can do this"? Is that module the tge module? Your sentence is not clear on this point.
0
 
jmarkfoley Author Commented:
Haven't finished researching the solution yet. Will investigate and experiment, then possibly return with questions.
0
