Solved

Linux Login using LDAP or Active Directory

Posted on 2016-09-01
4
115 Views
Last Modified: 2016-09-02
Hello Dears,

I want to configure my Linux Servers (Most of them are Ubuntu servers) in such a way that an LDAP account is used to login into the servers in order to administer them. My objective is to achieve Single Sign On and centralization for user accounts.

I know that there are many Open Source LDAP solutions around there, but I would like to know how would you compare an Open Source LDAP solution vs Active Directory. What are the operative differences between an Open Source LDAP or just use Active Directory? So far I prefer to use Active Directory as far as I can integrate it with other Microsoft applications and I like it much more the way that it is administered and its way of replicating the AD database between servers. (Licenses required by AD are not an issue for me).

But... I have never made it, and I wonder if I can have any limitations using the LDAP offered by AD.

Thanks.
0
Comment
Question by:Schnell Solutions
  • 2
4 Comments
 
LVL 28

Expert Comment

by:serialband
ID: 41780813
If you just need SSO authentication, you can install PowerbrokerOpen and "join" the domain.

Once installed, run:
domainjoin-cli join Domain.com Admin_account

and you will be able to connect to the linux system with your domain accounts.  You can add your admin accounts to a sudoers group and get root access.
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 41780958
Using open ldap, you have to know what data you want in tge schema, the AD already has a schema encompassing data manageable through windows tools.

You have two option to integrate Linux into AD using samba/winbind. Winbind config within smb.conf using idmap will handle the uid/gid mappings.
The other option is to configure Linux systems as LDAP clients of the AD where you would need to adjust DC registry to listen accept requests on LDAP/LDAPS ports.

With LDAP you will gave to configure the base of the query while the smb/winbind .......

Another option, on the Windows side add services for UNIX (SFU) where you can add the NIS server and configure the Linux systems as NIS clients .........
0
 
LVL 14

Author Comment

by:Schnell Solutions
ID: 41782258
Do you know if there is any any security recommendation or best practice of using LDAP authentication rather than local authentication?
0
 
LVL 77

Expert Comment

by:arnold
ID: 41782305
You still have have local auth, for root and other service accounts, nail, etc.

I am not sure what you are asking, LDAP is a centrally managed login mechanism.
Securing the system does not depend on authentication/authorization methods.
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now