Solved

Linux Login using LDAP or Active Directory

Posted on 2016-09-01
Last Modified: 2016-09-02
Hello Dears,

I want to configure my Linux servers (most of them are Ubuntu servers) in such a way that an LDAP account is used to log in to the servers in order to administer them. My objective is to achieve Single Sign-On and centralization of user accounts.

I know that there are many open source LDAP solutions out there, but I would like to know how you would compare an open source LDAP solution vs Active Directory. What are the operational differences between using an open source LDAP and just using Active Directory? So far I prefer to use Active Directory, as I can integrate it with other Microsoft applications, and I much prefer the way it is administered and its way of replicating the AD database between servers. (Licenses required by AD are not an issue for me.)

But... I have never done it, and I wonder if I will run into any limitations using the LDAP offered by AD.

Thanks.
0
Question by:Schnell Solutions
4 Comments
 
LVL 30

Expert Comment

by:serialband
ID: 41780813
If you just need SSO authentication, you can install PowerbrokerOpen and "join" the domain.

Once installed, run:
domainjoin-cli join Domain.com Admin_account

and you will be able to connect to the Linux system with your domain accounts. You can add your admin accounts to a sudoers group and get root access.
0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 41780958
Using OpenLDAP, you have to know what data you want in the schema; AD already has a schema encompassing data manageable through Windows tools.

You have two options to integrate Linux into AD using samba/winbind. Winbind config within smb.conf using idmap will handle the uid/gid mappings.
The other option is to configure Linux systems as LDAP clients of the AD, where you would need to adjust the DC registry to listen for and accept requests on LDAP/LDAPS ports.

With LDAP you will have to configure the base of the query while the smb/winbind .......

Another option, on the Windows side add services for UNIX (SFU) where you can add the NIS server and configure the Linux systems as NIS clients .........
0
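
The winbind route described in the accepted answer, as an added example that is not part of the original post or the answerer's own configuration: a minimal smb.conf for a Linux server joined to AD as a member. The names EXAMPLE / EXAMPLE.COM, the ID ranges and the home directory layout are assumptions.

```ini
# /etc/samba/smb.conf (constructed example; EXAMPLE / EXAMPLE.COM are placeholder names)
[global]
security = ads
workgroup = EXAMPLE
realm = EXAMPLE.COM

# Default (*) domain: covers BUILTIN and other non-AD-domain accounts.
# It needs a writable backend and its own ID range.
idmap config * : backend = tdb
idmap config * : range = 3000-7999

# AD domain: the rid backend derives each uid/gid from the RID part of the
# account's SID, so every member server computes the same IDs without a
# shared mapping database. This range must not overlap the default range
# above or any local uid/gid in /etc/passwd and /etc/group.
idmap config EXAMPLE : backend = rid
idmap config EXAMPLE : range = 10000-999999

# Shell and home directory handed to domain users at login.
template shell = /bin/bash
template homedir = /home/%D/%U

# Accept "alice" instead of "EXAMPLE\alice" at the login prompt.
winbind use default domain = yes

# Listing every user and group is expensive in large domains; lookups by
# name still work with enumeration off.
winbind enum users = no
winbind enum groups = no

# Keep the machine account usable by other Kerberos-aware services.
kerberos method = secrets and keytab
```

Running `testparm` checks the file's syntax; winbind must also be added to the `passwd` and `group` lines of /etc/nsswitch.conf before domain accounts resolve.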
 
LVL 14

Author Comment

by:Schnell Solutions
ID: 41782258
Do you know if there is any security recommendation or best practice of using LDAP authentication rather than local authentication?
0
 
LVL 79

Expert Comment

by:arnold
ID: 41782305
You still have local auth, for root and other service accounts, mail, etc.

I am not sure what you are asking, LDAP is a centrally managed login mechanism.
Securing the system does not depend on authentication/authorization methods.
0
