Solved

Linux Login using LDAP or Active Directory

Posted on 2016-09-01
Last Modified: 2016-09-02
Hello Dears,

I want to configure my Linux servers (most of them are Ubuntu servers) in such a way that an LDAP account is used to log in to the servers in order to administer them. My objective is to achieve Single Sign-On and centralization of user accounts.

I know that there are many open source LDAP solutions out there, but I would like to know how you would compare an open source LDAP solution with Active Directory. What are the operative differences between using an open source LDAP and just using Active Directory? So far I prefer to use Active Directory, as I can integrate it with other Microsoft applications and I much prefer the way it is administered and its way of replicating the AD database between servers. (Licenses required by AD are not an issue for me.)

But... I have never done it, and I wonder whether I will run into any limitations using the LDAP offered by AD.

Thanks.
Question by:Schnell Solutions

Expert Comment

by:serialband
If you just need SSO authentication, you can install PowerbrokerOpen and "join" the domain.

Once installed, run:
domainjoin-cli join Domain.com Admin_account

and you will be able to connect to the Linux system with your domain accounts. You can add your admin accounts to a sudoers group and get root access.

Accepted Solution

by:arnold (earned 500 total points)
Using OpenLDAP, you have to know what data you want in the schema; AD already has a schema encompassing data manageable through Windows tools.

You have two options to integrate Linux into AD. One is using samba/winbind: the winbind config within smb.conf, using idmap, will handle the uid/gid mappings.
The other option is to configure Linux systems as LDAP clients of the AD, where you would need to adjust the DC registry to listen for and accept requests on LDAP/LDAPS ports.

With LDAP you will have to configure the base of the query while the smb/winbind .......

Another option: on the Windows side, add Services for UNIX (SFU), where you can add the NIS server and configure the Linux systems as NIS clients .........
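A minimal smb.conf sketch of the samba/winbind route described in the accepted answer, added here as an illustration and not part of the original answer. The realm EXAMPLE.COM, the short domain name EXAMPLE, the choice of the rid idmap backend and the ID ranges are all assumptions to be replaced with site values.

```ini
[global]
    # Member server of an Active Directory domain (assumed names)
    security = ads
    realm = EXAMPLE.COM
    workgroup = EXAMPLE

    # Default mapping for BUILTIN and other non-domain SIDs
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # Domain accounts: uid/gid are derived algorithmically from the RID,
    # so every Linux member computes the same IDs without a shared
    # mapping database. The range must not overlap the default range.
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999

    # Keep the machine account secret in a keytab as well, for Kerberos
    kerberos method = secrets and keytab

    # Allow "alice" instead of "EXAMPLE\alice" at the login prompt
    winbind use default domain = yes

    # AD accounts carry no shell or home directory with this backend,
    # so supply them locally
    template shell = /bin/bash
    template homedir = /home/%U

    # Do not enumerate the whole directory for getent; slow on large domains
    winbind enum users = no
    winbind enum groups = no
```

Running `testparm` checks the file for syntax errors; winbind must also be listed for `passwd` and `group` in /etc/nsswitch.conf and wired into PAM before domain accounts can log in.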
 

Author Comment

by:Schnell Solutions
Do you know if there is any security recommendation or best practice for using LDAP authentication rather than local authentication?

Expert Comment

by:arnold
You still have local auth, for root and other service accounts, mail, etc.

I am not sure what you are asking, LDAP is a centrally managed login mechanism.
Securing the system does not depend on authentication/authorization methods.