Consolidated logins windows/linux
James McDonald
james at jamesmcdonald.id.au
Sat Mar 29 19:16:04 PDT 2008
Collins Richey wrote:
> Our company has split, and over the next 2 years our administrative
> group will be taking over legacy applications from the main company as
> well as new applications. We will probably not be able to avoid
> Microsoft Outlook and all that that entails, yecch!
>
> What we are interested in doing is providing a central authentication
> facility for both OS environments. Obviously but sickeningly we could
> base this on Active Directory. We use LDAP for the Linux environment,
> and I've heard that with the use of Kerberos we could point the
> windows machines to our LDAP server.
>
SSO (Single Sign On) for both Windows and Linux.
If you configure winbindd and also Kerberos to point to Active Directory
you can get your single sign on. I presume it's generally easier for
Linux to play with Windows than get Windows clients to talk to Linux LDAP.
However, if someone hasn't logged onto your Linux box before you will
need to use something like pam_mkhomedir.so to create the home directory
as they log in.
I use the kerberised telnet daemon which talks to the Active Directory
Server and also have winbindd setup to provide samba shares the ability
to authenticate against AD.
From memory RHELx has a nice curses config utility for it by running
'setup' or 'authconfig-tui'.
In the end you should be able to "getent passwd username" or "getent
group groupname" and return the AD user/group. The same with wbinfo -u
or wbinfo -g run on the Linux boxen should return all your AD users/groups.
I also recall you can dabble in /etc/pam.d/ and point your various
services to use AD as well.
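
The getent and wbinfo checks in the message above only work once NSS and PAM are wired to winbind. As an added example (not part of the original post), this script checks those two config pieces offline; the function names are hypothetical and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: checks on the NSS and PAM pieces of a winbind setup.
# Files are passed as arguments so copies can be checked offline.

# nss_uses_winbind FILE DB: true if DB's line (passwd, group) lists winbind.
nss_uses_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# pam_has_mkhomedir FILE: true if an active session line loads pam_mkhomedir.so.
pam_has_mkhomedir() {
    awk '
        { sub(/#.*/, "") }
        $1 ~ /^-?session$/ && /pam_mkhomedir\.so/ { ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# audit_sso NSSWITCH PAMFILE: one line per check; exit status = failed checks.
audit_sso() {
    fails=0
    for db in passwd group; do
        if nss_uses_winbind "$1" "$db"; then echo "ok   nss $db lists winbind"
        else echo "FAIL nss $db does not list winbind"; fails=$((fails + 1)); fi
    done
    if pam_has_mkhomedir "$2"; then echo "ok   pam_mkhomedir session line present"
    else echo "FAIL no active pam_mkhomedir session line"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample: group lacks winbind and the mkhomedir line is commented out.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files winbind\ngroup: files\n' > "$d/nsswitch.conf"
    printf '#session required pam_mkhomedir.so skel=/etc/skel umask=0077\n' > "$d/pam"
    audit_sso "$d/nsswitch.conf" "$d/pam"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "failed checks: $?"
```

On a real host the arguments would be /etc/nsswitch.conf and the relevant file under /etc/pam.d/, whose name varies by distribution and service.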