Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Central authentication server
Operating Systems Linux Red Hat Central authentication server Post 302906451 by cjcox on Thursday 19th of June 2014 05:47:38 PM
Old 06-19-2014
Login once and get to all hosts... sure. Let's say you have a Windows domain, you login to the Windows Domain from your Windows client, it loads your SSH key off a secure area only you have access to and then you can PuTTY into the Linux hosts without typing a password... that's just one solution.

Single source of auth (a step down from SSO above) is possible as well... that is, you have to use your Windows username and password to log into the clients/servers regardless of whether they are Linux or Windows. Samba 3 supports this using winbind, but there are LDAP and AD ways to do this as well. But winbind is your friend IMHO.

Ah... finally with regards to a web interface for manipulating Windows AD... this is harder than it seems. LDAP is easy to manipulate, but passwords (which isn't LDAP) is a bit more difficult. Most people on a Windows network use Exchange for their email, so they just use OWA which allows you to change your password. With that said, I don't use Exchange here... it's an issue on our plate currently.
 

10 More Discussions You Might Find Interesting

1. IP Networking

Authentication WAP with RADIUS Server

Network Configuration Figure http://geocities.com/fy_heng/test1.JPG Dear all, I currently performing an testing using the above network configuration (Please click on the above link). On how actually the RADIUS server can authenticate the user who connect to the WAP (wireless access point)... (0 Replies)
Discussion started by: Paris Heng
0 Replies

2. Filesystems, Disks and Memory

Central Backup Server

Hi , I have several Linux Servers , and now i want to run a Central backup server. . I'm looking forward finding an enterprise solution for this affair . there are different types of data on this servers, like : Mysql databases , mail server, web server , Cacti and MRTG graphs , ... I find some... (1 Reply)
Discussion started by: nasser
1 Replies

3. UNIX and Linux Applications

Regarding NFS server username/password authentication

Hi; I had set up NFS server in one ubuntu box and mounted few directories using it. In order to access those directories across the network i m using j-ftp(an open source java network client) from other boxes in the same network.I am able to view my mounted directories in the server through it.... (1 Reply)
Discussion started by: ajaypadvi
1 Replies

4. Red Hat

microsoft Server 2008 Active authentication to a linux server

Hi, Please could someone advise I'm trying to use winscp from a Window server 2008 R2, but i need to add the authentication key to access the linux rh 5.4 servers ? What is the best way of approaching this ? If there are any web links that could help me do this, that would be good. ... (1 Reply)
Discussion started by: venhart
1 Replies

5. Shell Programming and Scripting

How to connect to FTP server which requires SSL authentication?

Hello, I tried searching through lot of threads for a solution but couldn't fetch the exact solution, so I am creating a new thread. I am trying to connect to a FTP server 1) using a simple FTP command, it gives the error : 534 Policy requires SSL. Login failed. 2) using SFTP... (19 Replies)
Discussion started by: amitshete
19 Replies

6. Solaris

Help to setup Central server for Solaris10.

Hi Experts, In our env, we have around 100 more solaris 8,9,10 servers, we quaterly apply patches & emergency fixes, for this we take prior OS Ufsdump bkp, In order to reduce the efforts to go DC & load each time the tapes on all servers & take the ufsdump backup, we planned to set up a... (2 Replies)
Discussion started by: fizan
2 Replies

7. Linux

Ssh authentication using 389 Directory server

I am trying LDAP authentication for users logged in CentOS by PAM. Also I have disabled(off) nsslapd-anonymous-access flag to restrict anonymous access by providing the binddn and bindpw. I have changed binddn and bindpw in /etc/ldap.conf for PAM to bind with LDAP to authenticate user. ie) When... (1 Reply)
Discussion started by: shri_22ram
1 Replies

8. Linux

How to connect Linux server (configure two way authentication) with Windows server?

Hi my name is Manju. ->I have configure the two way authentication on my linux server. ->Now I am able to apply two way authenticator on particuler user. ->Now I want to map this linux server to my AD server. ->Kindly tell me how to map AD(Active Directory) with this linux server. ... (0 Replies)
Discussion started by: manjusharma128
0 Replies

9. Solaris

Configuring central logging server for network devices

Hi I am very well aware of configuring central logging (syslog)server on solaris to capture logs of other solaris servers. But don't know how to capture the logs of network devices like Juniper , cisco etc on solaris server. Is this possible through syslog server of solaris. Is there any way we... (1 Reply)
Discussion started by: amity
1 Replies

10. Solaris

Cannot login to SMB Server/Authentication denied

Hello, I have problems seting up SMB server in Solaris 11.3. I had SMB working previously on Solaris 11 (updated to 11.3), but a bad harddisk crash forced me to install Solaris again from scratch and I cannot get it working properly. I have imported the previous zfs pool with share.smb set... (7 Replies)
Discussion started by: Zorken
7 Replies

LEARN ABOUT XFREE86

wbinfo

WBINFO(1)							   User Commands							 WBINFO(1)

NAME

       wbinfo - Query information from winbind daemon

SYNOPSIS

       wbinfo [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-c] [-D domain] [--domain domain] [-g] [--getdcname domain]
	[--get-auth-user] [-G gid] [-h] [-i user] [-I ip] [-K user%password] [-m] [-n name] [-N netbios-name] [--own-domain] [-p] [-r user]
	[--remove-uid-mapping uid,sid] [--remove-gid-mapping gid,sid] [-s sid] [--separator] [--sequence] [--set-auth-user user%password]
	[--set-uid-mapping uid,sid] [--set-gid-mapping gid,sid] [-S sid] [-t] [-u] [--uid-info uid] [--user-domgroups sid] [--user-sids sid]
	[-U uid] [-V] [-Y sid] [--verbose]

DESCRIPTION

       This tool is part of the samba(7) suite.

       The wbinfo program queries and returns information created and used by the winbindd(8) daemon.

       The winbindd(8) daemon must be configured and running for the wbinfo program to be able to return information.

OPTIONS

       -a|--authenticate username%password
	   Attempt to authenticate a user via winbindd(8). This checks both authentication methods and reports its results.

	       Note
	       Do not be tempted to use this functionality for authentication in third-party applications. Instead use ntlm_auth(1).

       --allocate-gid
	   Get a new GID out of idmap

       --allocate-uid
	   Get a new UID out of idmap

       --all-domains
	   List all domains (trusted and own domain).

       -c|--change-secret
	   Change the trust account password. May be used in conjunction with domain in order to change interdomain trust account passwords.

       --domain name
	   This parameter sets the domain on which any specified operations will performed. If special domain name '.' is used to represent the
	   current domain to which winbindd(8) belongs. Currently only the --sequence, -u, and -g options honor this parameter.

       -D|--domain-info domain
	   Show most of the info we have about the specified domain.

       -g|--domain-groups
	   This option will list all groups available in the Windows NT domain for which the samba(7) daemon is operating in. Groups in all
	   trusted domains will also be listed. Note that this operation does not assign group ids to any groups that have not already been seen
	   by winbindd(8).

       --get-auth-user
	   Print username and password used by winbindd(8) during session setup to a domain controller. Username and password can be set using
	   --set-auth-user. Only available for root.

       --getdcname domain
	   Get the DC name for the specified domain.

       -G|--gid-to-sid gid
	   Try to convert a UNIX group id to a Windows NT SID. If the gid specified does not refer to one within the idmap gid range then the
	   operation will fail.

       -i|--user-info user
	   Get user info.

       -I|--WINS-by-ip ip
	   The -I option queries winbindd(8) to send a node status request to get the NetBIOS name associated with the IP address specified by the
	   ip parameter.

       -K|--krb5auth username%password
	   Attempt to authenticate a user via Kerberos.

       -m|--trusted-domains
	   Produce a list of domains trusted by the Windows NT server winbindd(8) contacts when resolving names. This list does not include the
	   Windows NT domain the server is a Primary Domain Controller for.

       -n|--name-to-sid name
	   The -n option queries winbindd(8) for the SID associated with the name specified. Domain names can be specified before the user name by
	   using the winbind separator character. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1. If no
	   domain is specified then the domain used is the one specified in the smb.conf(5) workgroup parameter.

       -N|--WINS-by-name name
	   The -N option queries winbindd(8) to query the WINS server for the IP address associated with the NetBIOS name specified by the name
	   parameter.

       --own-domain
	   List own domain.

       -p|--ping
	   Check whether winbindd(8) is still alive. Prints out either 'succeeded' or 'failed'.

       -r|--user-groups username
	   Try to obtain the list of UNIX group ids to which the user belongs. This only works for users defined on a Domain Controller.

       -s|--sid-to-name sid
	   Use -s to resolve a SID to a name. This is the inverse of the -n option above. SIDs must be specified as ASCII strings in the
	   traditional Microsoft format. For example, S-1-5-21-1455342024-3071081365-2475485837-500.

       --separator
	   Get the active winbind separator.

       --sequence
	   Show sequence numbers of all known domains.

       --set-auth-user username%password
	   Store username and password used by winbindd(8) during session setup to a domain controller. This enables winbindd to operate in a
	   Windows 2000 domain with Restrict Anonymous turned on (a.k.a. Permissions compatible with Windows 2000 servers only).

       -S|--sid-to-uid sid
	   Convert a SID to a UNIX user id. If the SID does not correspond to a UNIX user mapped by winbindd(8) then the operation will fail.

       -t|--check-secret
	   Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working. May be used in
	   conjunction with domain in order to verify interdomain trust accounts.

       -u|--domain-users
	   This option will list all users available in the Windows NT domain for which the winbindd(8) daemon is operating in. Users in all
	   trusted domains will also be listed. Note that this operation does not assign user ids to any users that have not already been seen by
	   winbindd(8) .

       --uid-info uid
	   Get user info for the user connected to user id UID.

       --user-domgroups sid
	   Get user domain groups.

       --user-sids sid
	   Get user group SIDs for user.

       -U|--uid-to-sid uid
	   Try to convert a UNIX user id to a Windows NT SID. If the uid specified does not refer to one within the idmap uid range then the
	   operation will fail.

       --verbose
	   Print additional information about the query results.

       -Y|--sid-to-gid sid
	   Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX group mapped by winbindd(8) then the operation will fail.

       --remove-uid-mapping uid,sid
	   Remove an existing uid to sid mapping entry from the IDmap backend.

       --remove-gid-mapping gid,sid
	   Remove an existing gid to sid mapping entry from the IDmap backend.

       --set-uid-mapping uid,sid
	   Create a new or modify an existing uid to sid mapping in the IDmap backend.

       --set-gid-mapping gid,sid
	   Create a new or modify an existing gid to sid mapping in the IDmap backend.

       -V|--version
	   Prints the program version number.

       -h|--help
	   Print a summary of command line options.

EXIT STATUS

       The wbinfo program returns 0 if the operation succeeded, or 1 if the operation failed. If the winbindd(8) daemon is not working wbinfo will
       always return failure.

VERSION

       This man page is correct for version 3 of the Samba suite.

SEE ALSO

       winbindd(8) and ntlm_auth(1)

AUTHOR

       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

       wbinfo and winbindd were written by Tim Potter.

       The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander
       Bokovoy.

Samba 3.5							    06/18/2010								 WBINFO(1)
All times are GMT -4. The time now is 01:19 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy