Regarding PAM via ldap

I have a question about authentication between Linux and Windows.

When I need authentication from an OS such as Linux, I can use PAM by configuring "/pam.d".

However, that is local authentication only, and I have to authenticate against Windows, not Linux.

So, I'm looking into /etc/shadows and /etc/nsswitch.conf. There is an article with tips, but it's not enough for me to configure the file by myself.
( URL : https://serverfault.com/questions/538383/understand-pam-and-nss/538503#538503 )

Other articles suggest using OpenLDAP, but it's for Linux, not Windows, I guess.

Is there any way to authenticate against Windows servers via LDAP?

For example, in 'nsswitch.conf', if I configure the file like the following:

passwd: files dns sss
shadow: files dns sss

Then it will look in the files first and then look into DNS. So how can I configure the DNS or /shadow, etc. for authentication from the remote side?

Thank you so much for reading.







  • Have you read this? technet.microsoft.com/en-us/library/2008.12.linux.aspx
    – Gerard H. Pille
    Jun 7 at 8:50

  • Hi, yes I read it but I'm using CentOS7 and Windows Azure. Does it work with the linked information in the condition? And.. it's using 'windbind', but I need to use 'LDAP'.
    – owcred601
    Jun 7 at 8:57

  • I'm afraid my head is not up in the cloud. No idea what's possible up there. Windbind, that's a good one ;-)
    – Gerard H. Pille
    Jun 7 at 9:02

  • I would like to use the easy way, but.. not possible..T.T.. BTW, Thank you.
    – owcred601
    Jun 7 at 9:06

  • I just had a look for Windows Azure authentication, and the first DuckDuckGo hit was "Windows Azure Active Directory". So, the old document could still be of value. At my job, it's how Linux authentication is done. Once it's set up, you just have to make sure the clocks stay in sync, but you'd want that anyhow.
    – Gerard H. Pille
    Jun 7 at 9:14














edited Jun 7 at 8:23
asked Jun 7 at 8:08
owcred601











1 Answer













Probably you want to install sssd and adjust its config file /etc/sssd/sssd.conf.

There are several options for integrating with MS AD:

  • Integrating with a Windows server using the AD provider

  • Integrating with a Windows server using the LDAP provider

The latter might be easier in the beginning, but the former can also provide single sign-on via Kerberos.

Note that sssd serves the NSS maps passwd, group and sudoers. Adding dns is only useful for the hosts map.

So these parts of /etc/nsswitch.conf should look similar to this:

passwd: files sss
group: files sss
hosts: files dns

















        answered Jul 21 at 16:51
        Michael Ströder
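
The difference between the question's nsswitch.conf lines and the ones in the answer above, written as a runnable check. This is an added example, not part of the original answer: the function names and both sample configs are constructed here, and the shadow rule assumes the fact that sssd provides no shadow map (passwords are verified through PAM instead).

```shell
#!/bin/sh
# Added example: lint the NSS maps discussed in the question and answer.
# Reads nsswitch.conf text from the file in $1, or from stdin when no file is given.
# Prints one finding per line; returns 0 when clean, 1 when anything was flagged.
check_nsswitch() {
    findings=$(awk '
        { sub(/#.*/, "") }                      # drop comments
        index($0, ":") == 0 { next }            # not a "map: services" line
        {
            map = substr($0, 1, index($0, ":") - 1)
            gsub(/[ \t]/, "", map)
            n = split(substr($0, index($0, ":") + 1), svc)
            sss = 0; dns = 0
            for (i = 1; i <= n; i++) {
                if (svc[i] == "sss") sss = 1
                if (svc[i] == "dns") dns = 1
            }
            seen[map] = 1
            if (dns && map != "hosts")
                print map ": dns only serves the hosts map, remove it here"
            if ((map == "passwd" || map == "group") && !sss)
                print map ": sss missing, sssd users and groups will not resolve"
            if (map == "shadow" && sss)
                print "shadow: sssd serves no shadow map, remove sss here"
        }
        END {
            if (!seen["passwd"]) print "passwd: no entry, add one that lists sss"
            if (!seen["group"])  print "group: no entry, add one that lists sss"
        }' "${1:--}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

question_conf() {   # constructed sample: the lines posted in the question
    printf '%s\n' 'passwd: files dns sss' 'shadow: files dns sss'
}

answer_conf() {     # constructed sample: the lines suggested in the answer
    printf '%s\n' 'passwd: files sss' 'group: files sss' 'hosts: files dns'
}

echo "question config:"; question_conf | check_nsswitch || true
echo "answer config:";   answer_conf | check_nsswitch && echo "clean"
```

On a host where sssd is already configured, `getent passwd` followed by a directory user name shows whether the passwd map actually resolves that account.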
