04-29-2013
[Solved] Authentication and Authorization from Separate Domains
The company I work for is trying to implement Sudoers.LDAP to centralize their sudoers infrastructure so the access management team and compliance teams don't have to run ragged over all of our servers. The AD team decided it would be better to set up a separate LDAP server rather than put a new schema in our main AD domain, so we got an OpenLDAP server set up and ready to go for the project. Now, however, I'm being told by the Unix guys that it's not possible to have the user authentication pointing to one domain and the Sudoers authorization pointing to another domain and that we have to go back and have the schema put into the main domain.
Could one of you guys clarify on whether it is possible to point to one domain for authentication (user logins to the server) and a second for authorization (sudoers access)?
Last edited by Wolvendeer; 04-30-2013 at 09:43 AM..
8 More Discussions You Might Find Interesting
1. OS X (Apple)
I am building an installable package (.pkg) with PackageMaker 1.1.11 (that's the one that comes with Panther).
The package is for installing things both to /Applications and to some folders in /Library (/Library/StartupItems and a new folder that I'm putting in /Library).
I do (obviously) not... (4 Replies)
Discussion started by: ropers
4 Replies
2. UNIX for Advanced & Expert Users
I have ssh setup on 2 boxes ( aix / linux ).
building a batchjob i have made a plaintext key.
I force the command in the authorized_keys file
running from aix -> linux
ssh -i ~/.ssh/batchkey user@remote works perfect
but from linux -> aix
it get the following
debug1:... (1 Reply)
Discussion started by: progressdll
1 Replies
3. Linux
Hi,
I created a user, however, l want this user to be able to configure some services in REd Hat 8.0 such changing of Network address which is exclusive to root super user. Unlike in Openserver or Unixware were you can assign authorization and privileges to user. I have not being able to figure... (5 Replies)
Discussion started by: kayode
5 Replies
4. Programming
Greetings,
I am writing a C socket application that needs NTLM authorization before it can post HTTP requests, and
I am having trouble with NTLM authorization messages.
:b: I've found the following urls extremely valuable for creating message functions:
Davenport WebDAV-SMB Gateway... (1 Reply)
Discussion started by: edvin
1 Replies
5. UNIX for Advanced & Expert Users
I see a lot of thread on LDAP Authentication but I want to enable LDAP Authentication with Authorization. Meaning, removing the user ID's and groups from the local servers and move them to an LDAP server. When a user logs in (via LDAP) they will be given their group memberships and access to the... (3 Replies)
Discussion started by: scottsl
3 Replies
6. Red Hat
Hi,
I've configured two linux boxes to authenticate against Windows Active Directory using Kerberos while retrieving authorization data (uids, gids ,,,)from NIS.
The problem I ran into with my PAM configuration is that all authentication attempts succeed in order.i.e. if someone tried his... (0 Replies)
Discussion started by: geek.ksa
0 Replies
7. BSD
Dear all,
I've got problems with X server authentication using `xauth'. The problem is, that I have my local computer running NetBSD 5.1 and a remote computer in LAN which is running Debian GNU Linux. During the login to my NetBSD computer `xdm' generates a magic cookie for my DISPLAY. Then I... (2 Replies)
Discussion started by: sidorenko
2 Replies
8. Web Development
Hi,
I've been asked to 'troubleshoot' a webserver where two different TLDs are being served. Or to be more accurate, 'domain.com' and 'domain.fr'.
So we have
/var/www/domain.com
/var/www/domain.fr
And then for some reason, the httpd.conf file points to two different configuration files.... (1 Reply)
Discussion started by: davidm123SED
1 Replies
LEARN ABOUT DEBIAN
authen::simple::activedirectory
Authen::Simple::ActiveDirectory(3pm) User Contributed Perl Documentation Authen::Simple::ActiveDirectory(3pm)
NAME
Authen::Simple::ActiveDirectory - Simple ActiveDirectory authentication
SYNOPSIS
use Authen::Simple::ActiveDirectory;
my $ad = Authen::Simple::ActiveDirectory->new(
host => 'ad.company.com',
principal => 'company.com'
);
if ( $ad->authenticate( $username, $password ) ) {
# successfull authentication
}
# or as a mod_perl Authen handler
PerlModule Authen::Simple::Apache
PerlModule Authen::Simple::ActiveDirectory
PerlSetVar AuthenSimpleActiveDirectory_host "ad.company.com"
PerlSetVar AuthenSimpleActiveDirectory_principal "company.com"
<Location /protected>
PerlAuthenHandler Authen::Simple::ActiveDirectory
AuthType Basic
AuthName "Protected Area"
Require valid-user
</Location>
DESCRIPTION
Authenticate against Active Directory.
This implementation differs from Authen::Simple::LDAP in way that it will try to bind directly as the users principial.
METHODS
o new
This method takes a hash of parameters. The following options are valid:
o host
Connection host, can be a hostname, IP number or a URI. Defaults to "localhost".
host => ldap.company.com
host => 10.0.0.1
host => ldap://ldap.company.com:389
host => ldaps://ldap.company.com
o port
Connection port, default to 389. May be overridden by host if host is a URI.
port => 389
o timeout
Connection timeout, defaults to 60.
timeout => 60
o principal
The suffix in users principal, usally the domain or forrest. Required.
principal => 'company.com'
o log
Any object that supports "debug", "info", "error" and "warn".
log => Log::Log4perl->get_logger('Authen::Simple::ActiveDirectory')
o authenticate( $username, $password )
Returns true on success and false on failure.
SEE ALSO
Authen::Simple::LDAP.
Authen::Simple.
Net::LDAP.
AUTHOR
Christian Hansen "chansen@cpan.org"
COPYRIGHT
This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.
perl v5.14.2 2012-04-23 Authen::Simple::ActiveDirectory(3pm)