Regarding PAM via ldap

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I have a question for the authentication between Linux and Windows.



When I get an authentication from the OS system such as Linux, then I can use PAM by configuration of "/pam.d".



However, it's the authentication in local only, and I have to make an authentication from Windows not Linux.



So, I'm looking into /etc/shadows and /etc/nsswitch.conf. There is an article for the tip, but it's not enough for me to configure the file by my self..
( URL : https://serverfault.com/questions/538383/understand-pam-and-nss/538503#538503 )



Other articles are saying using OpenLDAP, but it's for Linux not Windows.. I guess..



Is there any way to get the authentication from Window servers via LDAP??



For example of 'nsswitch.conf', if I configure the file like following..




passwd: files dns sss
shadow: files dns sss


Then, it will find the files first and then look into DNS. Then, how can I configure the DNS or /shadow, etc. for the authentication from the remote.



Thank you so much for reading.







share|improve this question





















  • Have you read this? technet.microsoft.com/en-us/library/2008.12.linux.aspx
    – Gerard H. Pille
    Jun 7 at 8:50










  • Hi, yes I read it but I'm using CentOS7 and Windows Azure. Does it work with the linked information in the condition? And.. it's using 'windbind', but I need to use 'LDAP'.
    – owcred601
    Jun 7 at 8:57











  • I'm afraid my head is not up in the cloud. No idea what's possible up there. Windbind, that's a good one ;-)
    – Gerard H. Pille
    Jun 7 at 9:02











  • I would like to use the easy way, but.. not possible..T.T.. BTW, Thank you.
    – owcred601
    Jun 7 at 9:06










  • I just had a look for Windows Azure authentication, and the first DuckDuckGo hit was "Windows Azure Active Directory". So, the old document could still be of value. At my job, it's how Linux authentication is done. Once it's set up, you just have to make sure the clocks stay in sync, but you'd want that anyhow.
    – Gerard H. Pille
    Jun 7 at 9:14














up vote
0
down vote

favorite












I have a question for the authentication between Linux and Windows.



When I get an authentication from the OS system such as Linux, then I can use PAM by configuration of "/pam.d".



However, it's the authentication in local only, and I have to make an authentication from Windows not Linux.



So, I'm looking into /etc/shadows and /etc/nsswitch.conf. There is an article for the tip, but it's not enough for me to configure the file by my self..
( URL : https://serverfault.com/questions/538383/understand-pam-and-nss/538503#538503 )



Other articles are saying using OpenLDAP, but it's for Linux not Windows.. I guess..



Is there any way to get the authentication from Window servers via LDAP??



For example of 'nsswitch.conf', if I configure the file like following..




passwd: files dns sss
shadow: files dns sss


Then, it will find the files first and then look into DNS. Then, how can I configure the DNS or /shadow, etc. for the authentication from the remote.



Thank you so much for reading.







share|improve this question





















  • Have you read this? technet.microsoft.com/en-us/library/2008.12.linux.aspx
    – Gerard H. Pille
    Jun 7 at 8:50










  • Hi, yes I read it but I'm using CentOS7 and Windows Azure. Does it work with the linked information in the condition? And.. it's using 'windbind', but I need to use 'LDAP'.
    – owcred601
    Jun 7 at 8:57











  • I'm afraid my head is not up in the cloud. No idea what's possible up there. Windbind, that's a good one ;-)
    – Gerard H. Pille
    Jun 7 at 9:02











  • I would like to use the easy way, but.. not possible..T.T.. BTW, Thank you.
    – owcred601
    Jun 7 at 9:06










  • I just had a look for Windows Azure authentication, and the first DuckDuckGo hit was "Windows Azure Active Directory". So, the old document could still be of value. At my job, it's how Linux authentication is done. Once it's set up, you just have to make sure the clocks stay in sync, but you'd want that anyhow.
    – Gerard H. Pille
    Jun 7 at 9:14












up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have a question for the authentication between Linux and Windows.



When I get an authentication from the OS system such as Linux, then I can use PAM by configuration of "/pam.d".



However, it's the authentication in local only, and I have to make an authentication from Windows not Linux.



So, I'm looking into /etc/shadows and /etc/nsswitch.conf. There is an article for the tip, but it's not enough for me to configure the file by my self..
( URL : https://serverfault.com/questions/538383/understand-pam-and-nss/538503#538503 )



Other articles are saying using OpenLDAP, but it's for Linux not Windows.. I guess..



Is there any way to get the authentication from Window servers via LDAP??



For example of 'nsswitch.conf', if I configure the file like following..




passwd: files dns sss
shadow: files dns sss


Then, it will find the files first and then look into DNS. Then, how can I configure the DNS or /shadow, etc. for the authentication from the remote.



Thank you so much for reading.







share|improve this question













I have a question for the authentication between Linux and Windows.



When I get an authentication from the OS system such as Linux, then I can use PAM by configuration of "/pam.d".



However, it's the authentication in local only, and I have to make an authentication from Windows not Linux.



So, I'm looking into /etc/shadows and /etc/nsswitch.conf. There is an article for the tip, but it's not enough for me to configure the file by my self..
( URL : https://serverfault.com/questions/538383/understand-pam-and-nss/538503#538503 )



Other articles are saying using OpenLDAP, but it's for Linux not Windows.. I guess..



Is there any way to get the authentication from Window servers via LDAP??



For example of 'nsswitch.conf', if I configure the file like following..




passwd: files dns sss
shadow: files dns sss


Then, it will find the files first and then look into DNS. Then, how can I configure the DNS or /shadow, etc. for the authentication from the remote.



Thank you so much for reading.









share|improve this question












share|improve this question




share|improve this question








edited Jun 7 at 8:23
























asked Jun 7 at 8:08









owcred601

205




205











  • Have you read this? technet.microsoft.com/en-us/library/2008.12.linux.aspx
    – Gerard H. Pille
    Jun 7 at 8:50










  • Hi, yes I read it but I'm using CentOS7 and Windows Azure. Does it work with the linked information in the condition? And.. it's using 'windbind', but I need to use 'LDAP'.
    – owcred601
    Jun 7 at 8:57











  • I'm afraid my head is not up in the cloud. No idea what's possible up there. Windbind, that's a good one ;-)
    – Gerard H. Pille
    Jun 7 at 9:02











  • I would like to use the easy way, but.. not possible..T.T.. BTW, Thank you.
    – owcred601
    Jun 7 at 9:06










  • I just had a look for Windows Azure authentication, and the first DuckDuckGo hit was "Windows Azure Active Directory". So, the old document could still be of value. At my job, it's how Linux authentication is done. Once it's set up, you just have to make sure the clocks stay in sync, but you'd want that anyhow.
    – Gerard H. Pille
    Jun 7 at 9:14
















  • Have you read this? technet.microsoft.com/en-us/library/2008.12.linux.aspx
    – Gerard H. Pille
    Jun 7 at 8:50










  • Hi, yes I read it but I'm using CentOS7 and Windows Azure. Does it work with the linked information in the condition? And.. it's using 'windbind', but I need to use 'LDAP'.
    – owcred601
    Jun 7 at 8:57











  • I'm afraid my head is not up in the cloud. No idea what's possible up there. Windbind, that's a good one ;-)
    – Gerard H. Pille
    Jun 7 at 9:02











  • I would like to use the easy way, but.. not possible..T.T.. BTW, Thank you.
    – owcred601
    Jun 7 at 9:06










  • I just had a look for Windows Azure authentication, and the first DuckDuckGo hit was "Windows Azure Active Directory". So, the old document could still be of value. At my job, it's how Linux authentication is done. Once it's set up, you just have to make sure the clocks stay in sync, but you'd want that anyhow.
    – Gerard H. Pille
    Jun 7 at 9:14















Have you read this? technet.microsoft.com/en-us/library/2008.12.linux.aspx
– Gerard H. Pille
Jun 7 at 8:50




Have you read this? technet.microsoft.com/en-us/library/2008.12.linux.aspx
– Gerard H. Pille
Jun 7 at 8:50












Hi, yes I read it but I'm using CentOS7 and Windows Azure. Does it work with the linked information in the condition? And.. it's using 'windbind', but I need to use 'LDAP'.
– owcred601
Jun 7 at 8:57





Hi, yes I read it but I'm using CentOS7 and Windows Azure. Does it work with the linked information in the condition? And.. it's using 'windbind', but I need to use 'LDAP'.
– owcred601
Jun 7 at 8:57













I'm afraid my head is not up in the cloud. No idea what's possible up there. Windbind, that's a good one ;-)
– Gerard H. Pille
Jun 7 at 9:02





I'm afraid my head is not up in the cloud. No idea what's possible up there. Windbind, that's a good one ;-)
– Gerard H. Pille
Jun 7 at 9:02













I would like to use the easy way, but.. not possible..T.T.. BTW, Thank you.
– owcred601
Jun 7 at 9:06




I would like to use the easy way, but.. not possible..T.T.. BTW, Thank you.
– owcred601
Jun 7 at 9:06












I just had a look for Windows Azure authentication, and the first DuckDuckGo hit was "Windows Azure Active Directory". So, the old document could still be of value. At my job, it's how Linux authentication is done. Once it's set up, you just have to make sure the clocks stay in sync, but you'd want that anyhow.
– Gerard H. Pille
Jun 7 at 9:14




I just had a look for Windows Azure authentication, and the first DuckDuckGo hit was "Windows Azure Active Directory". So, the old document could still be of value. At my job, it's how Linux authentication is done. Once it's set up, you just have to make sure the clocks stay in sync, but you'd want that anyhow.
– Gerard H. Pille
Jun 7 at 9:14










1 Answer
1






active

oldest

votes

















up vote
1
down vote













Probably you want to install sssd and adjust its config file /etc/sssd/sssd.conf.



There are several options for integrating with MS AD:



  • Integrating with a Windows server using the AD provider

  • Integrating with a Windows server using the LDAP provider

The latter might be easier in the beginning, but the former can also provide single-sign via Kerberos.



Note that sssd serves NSS maps passwd, group and sudoers. Adding dns is only useful host the hosts map.



So these parts of /etc/nsswitch.conf should look similar to this:



passwd: files sss
group: files sss
hosts: files dns






share|improve this answer





















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f448359%2fregarding-pam-via-ldap%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote













    Probably you want to install sssd and adjust its config file /etc/sssd/sssd.conf.



    There are several options for integrating with MS AD:



    • Integrating with a Windows server using the AD provider

    • Integrating with a Windows server using the LDAP provider

    The latter might be easier in the beginning, but the former can also provide single-sign via Kerberos.



    Note that sssd serves NSS maps passwd, group and sudoers. Adding dns is only useful host the hosts map.



    So these parts of /etc/nsswitch.conf should look similar to this:



    passwd: files sss
    group: files sss
    hosts: files dns






    share|improve this answer

























      up vote
      1
      down vote













      Probably you want to install sssd and adjust its config file /etc/sssd/sssd.conf.



      There are several options for integrating with MS AD:



      • Integrating with a Windows server using the AD provider

      • Integrating with a Windows server using the LDAP provider

      The latter might be easier in the beginning, but the former can also provide single-sign via Kerberos.



      Note that sssd serves NSS maps passwd, group and sudoers. Adding dns is only useful host the hosts map.



      So these parts of /etc/nsswitch.conf should look similar to this:



      passwd: files sss
      group: files sss
      hosts: files dns






      share|improve this answer























        up vote
        1
        down vote










        up vote
        1
        down vote









        Probably you want to install sssd and adjust its config file /etc/sssd/sssd.conf.



        There are several options for integrating with MS AD:



        • Integrating with a Windows server using the AD provider

        • Integrating with a Windows server using the LDAP provider

        The latter might be easier in the beginning, but the former can also provide single-sign via Kerberos.



        Note that sssd serves NSS maps passwd, group and sudoers. Adding dns is only useful host the hosts map.



        So these parts of /etc/nsswitch.conf should look similar to this:



        passwd: files sss
        group: files sss
        hosts: files dns






        share|improve this answer













        Probably you want to install sssd and adjust its config file /etc/sssd/sssd.conf.



        There are several options for integrating with MS AD:



        • Integrating with a Windows server using the AD provider

        • Integrating with a Windows server using the LDAP provider

        The latter might be easier in the beginning, but the former can also provide single-sign via Kerberos.



        Note that sssd serves NSS maps passwd, group and sudoers. Adding dns is only useful host the hosts map.



        So these parts of /etc/nsswitch.conf should look similar to this:



        passwd: files sss
        group: files sss
        hosts: files dns







        share|improve this answer













        share|improve this answer



        share|improve this answer











        answered Jul 21 at 16:51









        Michael Ströder

        2296




        2296






















             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f448359%2fregarding-pam-via-ldap%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?