I'm trying to centralize user login information via Active Directory. Currently I have AD running on Server 2008 R2. I do have Identity Management for UNIX installed on it. I also have a few Linux clients, mainly using CentOS 5.X and Fedora 14. I've set up Samba on a CentOS machine and have joined the machines to the AD domain. Users in AD are able to log in to Linux clients using the AD credentials. My question is: is it possible for the Linux users to log in to Windows machines? I'm new to setting up integration as well as Samba. Is there any setting in Samba that'll allow the users on Linux machines to log in to Windows? I'd appreciate any help/tips/suggestions. Thank you very much.
1 Answer
It's certainly possible if you add the Linux users to Active Directory.
Samba doesn't do much for you here. The real "magic" is being done by LDAP and Kerberos. In an ideal setup, OpenLDAP enumerates the users from Active Directory, and Kerberos handles authentication. Samba is not necessary for the use case you're describing (unless you insist on having the computer accounts in AD, which is mostly useless).
CentOS has some detailed documentation on how to accomplish directory-based authentication. You will probably do a lot of Googling to get LDAP/Kerberos going correctly, but the starting point is to edit /etc/openldap/ldap.conf and /etc/krb5.conf with the correct values for your AD setup. You'll also want to export an OpenLDAP copy of your AD server's certificate in PEM format if you want to connect to AD via SSL.
The trick here is to ensure that the "Linux users" in use are actually LDAP (Active Directory) users, and not just local accounts stored in each unique machine.
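As an added example (not part of the original answer or any project's code): a small Python check for the two files the answer names, /etc/openldap/ldap.conf and /etc/krb5.conf. It assumes the LDAP connection to AD is meant to use SSL (ldaps://); the domain EXAMPLE.COM, the host dc1.example.com, the PEM path and both sample file bodies are constructed.

```python
import re

# Constructed samples for a hypothetical AD domain EXAMPLE.COM with DC dc1.example.com.
LDAP_CONF = """\
URI ldaps://dc1.example.com
BASE dc=example,dc=com
TLS_CACERT /etc/openldap/cacerts/ad-ca.pem
TLS_REQCERT demand
"""
KRB5_CONF = """\
[libdefaults]
 default_realm = EXAMPLE.COM
[realms]
 EXAMPLE.COM = {
  kdc = dc1.example.com
 }
"""

def check_ldap_conf(text):
    """Return a list of problems with the LDAP-over-SSL settings in ldap.conf text."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)  # option name, then value; tabs or spaces
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts[parts[0].upper()] = parts[1].strip()
    problems = []
    uris = opts.get("URI", "").split()
    if not uris or any(not u.lower().startswith("ldaps://") for u in uris):
        problems.append("URI must list only ldaps:// servers")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        problems.append("no TLS_CACERT/TLS_CACERTDIR: AD certificate cannot be verified")
    if opts.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        problems.append("TLS_REQCERT does not enforce certificate verification")
    return problems

def check_krb5_conf(text):
    """Return a list of problems with the realm settings in krb5.conf text."""
    problems = []
    m = re.search(r"^\s*default_realm\s*=\s*(\S+)", text, re.M)
    if not m:
        return ["default_realm is not set"]
    realm = m.group(1)
    if realm != realm.upper():
        problems.append("realm %s is not upper case (AD realms are)" % realm)
    if not re.search(r"^\s*%s\s*=\s*\{" % re.escape(realm), text, re.M):
        problems.append("realm %s has no entry under [realms]" % realm)
    return problems

if __name__ == "__main__":
    print(check_ldap_conf(LDAP_CONF), check_krb5_conf(KRB5_CONF))
```

Both functions take the file contents as a string, so the real files can be read and passed in unchanged; an empty list means none of these checks failed.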