Solved

Linux Login using LDAP or Active Directory

Posted on 2016-09-01
Last Modified: 2016-09-02
Hello Dears,

I want to configure my Linux servers (most of them are Ubuntu servers) in such a way that an LDAP account is used to log in to the servers in order to administer them. My objective is to achieve Single Sign On and centralization for user accounts.

I know that there are many Open Source LDAP solutions out there, but I would like to know how you would compare an Open Source LDAP solution vs Active Directory. What are the operative differences between using an Open Source LDAP or just using Active Directory? So far I prefer to use Active Directory, as far as I can integrate it with other Microsoft applications, and I like much more the way that it is administered and its way of replicating the AD database between servers. (Licenses required by AD are not an issue for me.)

But... I have never made it, and I wonder if I can have any limitations using the LDAP offered by AD.

Thanks.
Question by:Schnell Solutions
4 Comments
 
LVL 29

Expert Comment

by:serialband
ID: 41780813
If you just need SSO authentication, you can install PowerbrokerOpen and "join" the domain.

Once installed, run:
domainjoin-cli join Domain.com Admin_account

and you will be able to connect to the Linux system with your domain accounts. You can add your admin accounts to a sudoers group and get root access.
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 41780958
Using open ldap, you have to know what data you want in the schema; the AD already has a schema encompassing data manageable through Windows tools.

You have two options to integrate Linux into AD using samba/winbind. Winbind config within smb.conf using idmap will handle the uid/gid mappings.
The other option is to configure Linux systems as LDAP clients of the AD, where you would need to adjust the DC registry to listen for and accept requests on the LDAP/LDAPS ports.

With LDAP you will have to configure the base of the query while the smb/winbind .......

Another option, on the Windows side, add Services for UNIX (SFU) where you can add the NIS server and configure the Linux systems as NIS clients .........
 
LVL 14

Author Comment

by:Schnell Solutions
ID: 41782258
Do you know if there is any security recommendation or best practice of using LDAP authentication rather than local authentication?
 
LVL 77

Expert Comment

by:arnold
ID: 41782305
You still have local auth, for root and other service accounts, mail, etc.

I am not sure what you are asking, LDAP is a centrally managed login mechanism.
Securing the system does not depend on authentication/authorization methods.
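As an added example (not posted by either expert), here is the samba/winbind idmap configuration arnold describes, together with the pam_winbind group restriction that answers the follow-up question about keeping LDAP/AD-backed logins tight. The domain EXAMPLE / EXAMPLE.COM, the idmap ranges and the group name linux-admins are assumed placeholders.

```ini
# /etc/samba/smb.conf -- Linux host joined to AD via winbind (security = ads uses Kerberos,
# so passwords are never sent in the clear the way plain LDAP simple bind would).
[global]
   workgroup = EXAMPLE
   realm = EXAMPLE.COM
   security = ads
   kerberos method = secrets and keytab

   # idmap: the default (*) backend covers BUILTIN and any trusted domain not listed;
   # its range must NOT overlap the per-domain range below or uid/gid mappings become ambiguous.
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999

   # Deterministic uid/gid for the EXAMPLE domain derived from the object RID,
   # so the same account gets the same uid on every server (no shared idmap DB needed).
   idmap config EXAMPLE : backend = rid
   idmap config EXAMPLE : range = 10000-999999

   template shell = /bin/bash
   template homedir = /home/%D/%U
   winbind use default domain = yes
   winbind refresh tickets = yes
   winbind offline logon = no
   # Do not let anyone enumerate the whole directory from the shell.
   winbind enum users = no
   winbind enum groups = no

# /etc/security/pam_winbind.conf -- only members of one AD group may log in at all;
# without this every domain user is a valid shell account on the server.
[global]
   krb5_auth = yes
   krb5_ccache_type = FILE
   require_membership_of = EXAMPLE\linux-admins

# /etc/nsswitch.conf (relevant lines)
#   passwd: files winbind
#   group:  files winbind
#
# /etc/sudoers.d/ad-admins (backslash doubled for sudoers syntax); root stays local.
#   %EXAMPLE\\linux-admins ALL=(ALL) ALL
#
# Join and verify:
#   net ads join -U Administrator
#   wbinfo -t            # trust secret OK
#   getent passwd jdoe   # uid falls in 10000-999999
```

After the join, confirm `id` for a non-member account is resolvable but login is refused; that is the check that require_membership_of is actually in force.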
