Linux.com


how to authenticate domain users to openldap

Link to this post 24 Feb 10

I think this question has been asked by many people but I still can't seem to find the answer for it. I would like to have my Windows Active Directory users, who log on to the domain using either a desktop or Terminal Server, authenticate to an OpenLDAP server so that they can access resources on the Linux machines. I tried Microsoft's Services for Unix but it only supports NIS or password file synchronization.

Thanks

Link to this post 24 Feb 10

Are you using LDAP or Active Directory for user control, and what OS are the users using to access the resources?

Link to this post 24 Feb 10

We have two directory services, Active Directory and OpenLDAP. Active Directory is responsible for Windows resources and OpenLDAP is responsible for Linux resources. My intention is to allow Windows users, who log on to the Windows domain through their Windows desktops or Terminal Server, to be able to access the resources on the Linux servers.

Thanks

Link to this post 24 Feb 10

It sounds like the approach is off; you will want to synchronize your OpenLDAP database with the Active Directory database. I have not tried this yet, but I did find information about the LSC project (http://lsc-project.org/wiki/about/start) which sounds promising for your needs.

Link to this post 25 Feb 10

Or, you can always do away with the OpenLDAP server altogether. Why run 2 different LDAP directories, and try to synchronize them? PAM already supports authenticating against LDAP and against Kerberos. AD is essentially both of those things. If you are not comfortable configuring PAM and Samba to work with AD, there is a company that provides software for that (there is an OSS edition) called Likewise. I've used that in the past with great success. It will allow AD users to log into Linux machines, and will even create their home dirs, etc. This will eliminate the need to keep 2 directories, and the concerns that arise from trying to keep things synchronized.

just my $0.02
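
The PAM and Samba route mentioned in the post above, sketched as an added configuration example that is not part of the original thread and not Likewise's own setup. The realm EXAMPLE.COM, the short domain name EXAMPLE, the AD group linux-users, the ID ranges and the PAM file location are assumptions to replace with local values.

```ini
# ---- /etc/samba/smb.conf (constructed example; EXAMPLE.COM is a placeholder) ----
[global]
   security = ads
   realm = EXAMPLE.COM
   workgroup = EXAMPLE
   # Keep the machine account key in secrets.tdb and the system keytab
   kerberos method = secrets and keytab
   # Let users log in as "alice" instead of "EXAMPLE\alice"
   winbind use default domain = yes
   # Do not enumerate the whole directory on getent; large domains stall logins
   winbind enum users = no
   winbind enum groups = no
   winbind refresh tickets = yes
   # Deterministic UID/GID mapping so every Linux host sees the same IDs
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config EXAMPLE : backend = rid
   idmap config EXAMPLE : range = 10000-999999
   template shell = /bin/bash
   template homedir = /home/%U

# After writing the file, join the host to the domain once:
#   net ads join -U Administrator

# ---- /etc/nsswitch.conf (only the changed lines) ----
# Local accounts first, then AD accounts resolved through winbind
# passwd: files winbind
# group:  files winbind

# ---- PAM stack, e.g. /etc/pam.d/system-auth or common-* (path varies by distro) ----
# Authenticate against AD over Kerberos, and admit only members of one AD group
# (linux-users is a hypothetical group name) rather than every domain account.
# auth     sufficient  pam_winbind.so krb5_auth krb5_ccache_type=FILE require_membership_of=linux-users
# account  sufficient  pam_winbind.so
# Create the home directory at first login, readable only by its owner
# session  required    pam_mkhomedir.so skel=/etc/skel umask=0077
```

The nsswitch and PAM lines are shown commented so the whole block stays one readable listing; in the real files they are uncommented and merged into the existing entries, keeping the local `pam_unix.so` lines so root can still log in if the domain is unreachable.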

Link to this post 25 Feb 10

Great input, Adam. I will have to try Likewise to see how it works.
