1

My work environment is mainly Windows and Active Directory. Active Directory has no unix attributes extended. What is the best way to fully integrate a Linux box in that environment? I'd like the AD authentication to work seamlessly with all programs and services.

I've tried this approach a few times before. We have a separate OpenLDAP server for our Linux servers, and I've tried using that as an LDAP backend, but I kept running into too many problems with other services not being able to work correctly. I'm pretty sure I didn't do something right, but I didn't fully understand it. I was using the Samba how-to on samba.org.

I've also tried using IDMAP, which worked but was very slow. I guess ideally I'd like to be able to use LDAP to provide the Linux attributes, but use AD for password auth. Any help there?

Open to other suggestions or hints on how to better do this as well.

churnd
  • 1
    Your question was already answered here (also responding to the question of **'how practical is this solution'**): http://serverfault.com/questions/15626/how-practical-is-to-authenticate-a-linux-server-against-ad – l0c0b0x Aug 06 '09 at 15:24

3 Answers

2

You probably want to look at Likewise Open.

http://www.likewise.com/products/likewise_open/

It's Samba's winbind, but with a whole bunch of tweaks & fixes.

LapTop006
  • I read about this a while back, but it slipped my mind. I'll definitely try it. Only catch is, I have to request permission to join AD, and only get one try otherwise they get irate because I "bug" them and have to wait a while so they can cool off. Anything I should know before I give it my "one try"? – churnd Aug 06 '09 at 17:07
1

You'll need to upgrade your DC to at least Server 2k3 R2 so as to get the Unix extensions.

You can add your Linux servers to Active Directory. I followed this guide: http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4

Which worked quite well. The hardest thing I found was working with the AD attributes, but most of the information is on the net.

Shawn B
1

I always recommend Likewise Open; it installs on the Linux box easily and integrates the Linux box into the AD environment. Also, it's free.

Kyle Brandt