2

I'm using Active Directory to log into RHEL. To do this, I followed the steps outlined here:

http://www.markwilson.co.uk/blog/2007/05/using-active-directory-to-authenticate-users-on-a-linux-computer.htm

I'd like to be able to read data from Windows Servers shared folders without being prompted for a password.

On Windows I log into an AD domain, and when I access Windows file shares on a server on the LAN (also part of the AD domain) I can just access them with no authentication step.

I've used SMBclient on Linux to access these shares, but it asks for my password.

I would like to be able to script access to the data on the shares, but I can't if there's a password prompt in the way. Well, I could, but it's not how I want to do it.

Now, since I'm logged in using my active directory username & password, can't I just access the shares without jumping that extra hoop?

I know I can mount the share using something like:

    //192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0 0

but access will depend on who is logged in... each user logging in should have their own unique AD access privileges.

Thanks for reading!

Kenny

2 Answers

1

What you want is called Single-Sign-On. To achieve that, you must kerberize Linux. See http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html or similar.

Sorry, don't have the time to post the details.

Posipiet
  • "kerberize Linux" is really too vague for me to make sense of, sorry. I am familiar with PuTTY, as that's how I'm accessing the server from my Windows machine. My problem is that I don't know how to allow programs running in Linux to access Windows shares without a user having to type in a password again. They have already logged in to Linux (via SSH) with their Active Directory credentials. – Kenny Mar 11 '10 at 15:50
  • Sorry - I am not aware of a way to achieve that without going through the whole shebang with Single-Sign-On. – Posipiet Mar 12 '10 at 10:17
  • @Kenny "Kerberize" here means to configure the Linux clients to act like Windows clients do when they're in a domain: they need to request a Kerberos ticket for authentication. As Posipiet suggests, the industry term for this is single sign-on. [Here](http://redmondmag.com/articles/2005/01/01/linuxwindows-single-signon.aspx) is a fairly old article which deals with this. There are any number of other solutions out there, but I haven't had to work with it in so long that my searches only find this ancient stuff. The concepts are still correct, although they may be very different with Win2k8. – Bacon Bits Jun 03 '11 at 04:58
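The ticket-based access described in the comments above, as an added example that is not part of any poster's answer: a wrapper that lets a script read a share with the caller's own Kerberos ticket and fail fast instead of prompting. It assumes MIT `klist`, that the AD login left a ticket in the user's cache, and that the share is addressed by the server's DNS name (Kerberos service tickets are issued per host name, not per IP); the function names are hypothetical.

```sh
#!/bin/sh
# Added example: non-interactive SMB access with the caller's Kerberos ticket.
# Function names are hypothetical; the UNC path is supplied by the caller.

# Return 0 if the current user holds a valid (unexpired) Kerberos ticket.
have_ticket() {
    command -v klist >/dev/null 2>&1 || return 2   # Kerberos client tools missing
    klist -s                                       # MIT klist: silent, status only
}

# Print the Kerberos switch the installed smbclient understands.
# Samba 4.15+ uses --use-kerberos=required; older releases use -k.
krb_flag() {
    if smbclient --help 2>&1 | grep -q -- '--use-kerberos'; then
        echo '--use-kerberos=required'
    else
        echo '-k'
    fi
}

# share_run //server/share 'smbclient command'
# Runs one smbclient command using Kerberos. -N suppresses the password
# prompt, so a missing or expired ticket ends the script with an error
# rather than leaving it waiting on input.
share_run() {
    unc=$1
    cmd=$2
    case $unc in
        //*/*) ;;
        *) echo "usage: share_run //server/share 'command'" >&2
           return 64 ;;
    esac
    have_ticket || { echo "no valid Kerberos ticket; run kinit" >&2; return 1; }
    smbclient "$unc" "$(krb_flag)" -N -c "$cmd"
}
```

Because each user runs the wrapper under their own ticket cache, the share's AD permissions apply per user, and no password is stored in `/etc/fstab` or in the script.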
0

In GNOME you can store your username and password in the keyring, then anytime you pull up a file/folder in a program that supports gVFS it will automatically log in and "mount" the share.

I'd be amazed if there isn't something almost identical in KDE; but I don't use KDE.

The big problem you're going to run into is that root mounts shares like that. So unless logging in with AD creds gets you root access to the machine the user won't be able to mount the share. I also don't believe Samba caches your login creds, but I could be mistaken, it's been a while since I did AD auth.

Chris S
  • Hi, Thanks for that, but I intend allowing data access to applications running via the command line. – Kenny Mar 11 '10 at 15:48