Authenticate AIX users from MS Active Directory Post: 302479923

Sponsored Content

Operating Systems AIX Authenticate AIX users from MS Active Directory Post 302479923 by kah00na on Monday 13th of December 2010 09:32:38 AM

12-13-2010

Registered User

These steps use Kerberos for only setup password authentication. This is not an LDAP connection, therefore, none of the user attributes are pulled from it. This solution is good for those that only want password centralization. If you want to use LDAP authentication, then the UIDs and GIDs have to match across systems, you have to involve the Windows administrators to get the AD server configured for your users, and various other tasks have to be performed. This method allows you, as the AIX admin, to be able to have your users authenticate their password from the AD with minimal effort and gets you out of the "I can't remember my password" game. Also, since you are only installing software and adding a second authentication method, there is no down time and you an switch users back and forth between local and AD authentication with only one command.

These 2 Users Gave Thanks to kah00na For This Post:

kah00na

View Public Profile for kah00na

Find all posts by kah00na

6 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Compiling Samba from Source on AIX, Active Directory, LDAP, Kerberos

Hello, I asked this question in the AIX subforum but never received an answer, probably because the AIX forum is not that heavily trafficked. Anyway, here it is.. I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs...

2. UNIX for Dummies Questions & Answers

control permissions for Active Directory users on AIX

Hello, I've configured an user authentication against Active Directory (Windows Server 2008 R2) on AIX V6 with LDAP. It works fine. And here's my problem: How can I control ldap user permissions on the local AIX machine? E.g. an AD user should be able to write all files of local sys...

3. Proxy Server

Solaris 11.1 login authenticate with windows active directory

Hi, is that possible to login to solaris 11.1 authenticate with windows active directory? the user id is created in the windows active directory. Environment: Solaris 11.1 Windows 2012 Active Directory

4. UNIX for Advanced & Expert Users

Windows AD users authenticate to Linux

Hello folks, Please advise me what is the best way to authenticate Windows AD users against Linux machines. Currently I am going to take a look of Vintela Authentication Services and please let me know if you have experience with VIntela. Thanks in advance

5. AIX

AIX 7.1 - Samba 4 File Shares and Integration with Active Directory Issues

Hi. Ive recently upgraded Samba on an AIX server to Samba 4. The aim is to allow a specific group of Windows AD users to access some AIX file shares (with no requirement to enter passwords) - using AD to authenticate. Currently I have: Samba 4 installed ( and 3 daemons running) Installed...

6. AIX

Samba 3.6 on AIX 7.1 - Windows 10 Access to AIX file shares using Active Directory authentication

I am running AIX 7.1 and currently we have samba 3.6.25 installed on the server. As it stands some AIX folders are shared that can be accessed by certain Windows users. The problem is that since Windows 10 the guest feature no longer works so users have to manually type in their Windows login/pwd...

LEARN ABOUT V7

pam_ldap

pam_ldap(8)						      System Manager's Manual						       pam_ldap(8)

NAME

       pam_ldap - PAM module for LDAP-based authentication

SYNOPSIS

       pam_ldap.so [...]

DESCRIPTION

       This is a PAM module that uses an LDAP server to verify user access rights and credentials.

OPTIONS

       use_first_pass
	      Specifies that the PAM module should use the first password provided in the authentication stack and not prompt the user for a pass-
	      word.

       try_first_pass
	      Specifies that the PAM module should use the first password provided in the authentication stack and if that fails prompt  the  user
	      for a password.

       nullok Specifying this option allows users to log in with a blank password.  Normally logins without a password are denied.

       ignore_unknown_user
	      Specifies  that  the  PAM module should return PAM_IGNORE for users that are not present in the LDAP directory.  This causes the PAM
	      framework to ignore this module.

       ignore_authinfo_unavail
	      Specifies that the PAM module should return PAM_IGNORE if it cannot contact the LDAP server.  This causes the PAM framework  to  ig-
	      nore this module.

       no_warn
	      Specifies that warning messages should not be propagated to the PAM application.

       use_authtok
	      This  causes the PAM module to use the earlier provided password when changing the password. The module will not prompt the user for
	      a new password (it is analogous to use_first_pass).

       debug  This option causes the PAM module to log debugging information to syslog(3).

       minimum_uid=UID
	      This option causes the PAM module to ignore the user if the user id is lower than the specified value. This can be  used	to  bypass
	      LDAP checks for system users (e.g. by setting it to 1000).

MODULE SERVICES PROVIDED

       All services are provided by this module but currently sessions changes are not implemented in the nslcd daemon.

FILES

       /etc/pam.conf
	      the main PAM configuration file

       /etc/nslcd.conf
	      The configuration file for the nslcd daemon (see nslcd.conf(5))

SEE ALSO

       pam.conf(5), nslcd(8), nslcd.conf(5)

AUTHOR

       This manual was written by Arthur de Jong <arthur@arthurdejong.org>.

Version 0.8.10							     Jun 2012							       pam_ldap(8)