Solved

Linux Login using LDAP or Active Directory

Posted on 2016-09-01
4
182 Views
Last Modified: 2016-09-02
Hello Dears,

I want to configure my Linux Servers (Most of them are Ubuntu servers) in such a way that an LDAP account is used to login into the servers in order to administer them. My objective is to achieve Single Sign On and centralization for user accounts.

I know that there are many Open Source LDAP solutions around there, but I would like to know how would you compare an Open Source LDAP solution vs Active Directory. What are the operative differences between an Open Source LDAP or just use Active Directory? So far I prefer to use Active Directory as far as I can integrate it with other Microsoft applications and I like it much more the way that it is administered and its way of replicating the AD database between servers. (Licenses required by AD are not an issue for me).

But... I have never made it, and I wonder if I can have any limitations using the LDAP offered by AD.

Thanks.
0
Comment
Question by:Schnell Solutions
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 30

Expert Comment

by:serialband
ID: 41780813
If you just need SSO authentication, you can install PowerbrokerOpen and "join" the domain.

Once installed, run:
domainjoin-cli join Domain.com Admin_account

and you will be able to connect to the linux system with your domain accounts.  You can add your admin accounts to a sudoers group and get root access.
0
 
LVL 79

Accepted Solution

by:
arnold earned 500 total points
ID: 41780958
Using open ldap, you have to know what data you want in tge schema, the AD already has a schema encompassing data manageable through windows tools.

You have two option to integrate Linux into AD using samba/winbind. Winbind config within smb.conf using idmap will handle the uid/gid mappings.
The other option is to configure Linux systems as LDAP clients of the AD where you would need to adjust DC registry to listen accept requests on LDAP/LDAPS ports.

With LDAP you will gave to configure the base of the query while the smb/winbind .......

Another option, on the Windows side add services for UNIX (SFU) where you can add the NIS server and configure the Linux systems as NIS clients .........
0
 
LVL 14

Author Comment

by:Schnell Solutions
ID: 41782258
Do you know if there is any any security recommendation or best practice of using LDAP authentication rather than local authentication?
0
 
LVL 79

Expert Comment

by:arnold
ID: 41782305
You still have have local auth, for root and other service accounts, nail, etc.

I am not sure what you are asking, LDAP is a centrally managed login mechanism.
Securing the system does not depend on authentication/authorization methods.
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question