Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Windows AD users authenticate to Linux
Top Forums UNIX for Advanced & Expert Users Windows AD users authenticate to Linux Post 302998549 by Peasant on Saturday 3rd of June 2017 01:04:06 PM
Old 06-03-2017
Windows AD has builtin in kerberos and LDAP

You can use that to authenticate users to linux machine via SSH (host key) or your web service (HTTP key), using web server (for instance apache mod_auth_kerb).
You will need to install kerberos libs and client package (names will depend on your distribution) on your linux box.

Process involves creating a user on AD, generating kerberos keytab on AD for that user, copying the keytab file to your linux server and configuring /etc/krb5.conf

This can be configured additionally with AD LDAP to avoid creating users on the machine, otherwise a user must be created.
Without password will work and user will not be able to set his password via passwd command if it is blanked.

Hope that helps
Regards
Peasant.
 

7 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

UNIX help for Windows users?

Is there any sort of documentation that translates windows commands into linux commands? ...just the basic stuff that you would do on your win PC translated to linux? For example in windows to configure your network card you would... Settings > Control Panel > Network Connections > Local... (3 Replies)
Discussion started by: TINO
3 Replies

2. AIX

Authenticate AIX users from MS Active Directory

First, let me start off saying this is not spam. This is me trying to help out other AIX Admins with MS AD servers. If it is not applicable to you, someone else will find it useful. As long as the "KDC" service is running on your AD server, these steps should work. There should be no... (3 Replies)
Discussion started by: kah00na
3 Replies

3. Linux

Using squid_db_auth to authenticate squid users against SQLite

Hi guys, Can we use squid_db_auth to authenticate squid users against SQLite database? I googled but all configurations are in MySQL. (0 Replies)
Discussion started by: majid.merkava
0 Replies

4. IP Networking

Linux Client To Authenticate using TACACS

I have customer who controls access to the internet via TACACS server, basically a PIX firewall uses authentication from the TACACS to say if traffic is allowed to pass out of the gateway. I can't find anything on how to configure a linux client of TACACS authentication only how to set up a linux... (1 Reply)
Discussion started by: metallica1973
1 Replies

5. Proxy Server

Solaris 11.1 login authenticate with windows active directory

Hi, is that possible to login to solaris 11.1 authenticate with windows active directory? the user id is created in the windows active directory. Environment: Solaris 11.1 Windows 2012 Active Directory (3 Replies)
Discussion started by: freshmeat
3 Replies

6. AIX

AIX LDAP client authenticate against Linux Openldap server over TLS/SSL

Hi folks, How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL? It works like a charm without TLS/SSL. i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies

7. UNIX for Beginners Questions & Answers

Seen Windows pc, having all the features of Linux, could exe, read and edit save like windows

Hi, totally new to linux base using windows when started learning and using computers. but i remember that one pc was there , look alike windows desktop, but could not do the task as windows just click and open and view edit etc. But, you could do a little differently even saving in and opening... (8 Replies)
Discussion started by: jraju
8 Replies

LEARN ABOUT DEBIAN

catalyst::authentication::credential::authen::simple

Catalyst::Authentication::Credential::Authen::Simple(3pmUser Contributed Perl DocumentatiCatalyst::Authentication::Credential::Authen::Simple(3pm)

NAME

       Catalyst::Authentication::Credential::Authen::Simple - Verify credentials with the Authen::Simple framework

SYNOPSIS

	 use Catalyst qw(Authentication);
	 # later on ...
	 if ($c->authenticate({ username => 'myusername',
				password => 'mypassword' })){
	   my $long_name = $c->user->get('LongName');
	   # Hello Mr $long_name
	 }

DESCRIPTION

       This module helps your Cataylst Application authenticate against a lot of credential databases thanks to the Authen::Simple framework.

USAGE

       Just configure your Catalyst App Authentication to use class 'Authen::Simple' as the credential verifier, and give it a set of
       Authen::Simple classes. You can pass arguments to the Authen::Simple:XXX class constructors with the 'args' key. Note that the authen key
       is an array. If more than one class is specified, when your app authenticates, the username and password is submitted to each class until
       one of the classes returns that the user/pass pair is valid. If no class validates the credentials, the user is not able to log in.

	 'Plugin::Authentication' => {
	   'realms' => {
	     'default' => {
	       'store' => { ... }
	       'credential' => {
		 'class' => 'Authen::Simple',
		 'authen' => [
		   {
		     'class' => 'Passwd',
		     'args' => {
		       'path' => '/etc/shadow'
		     }
		   },
		   {
		     'class' => 'SSH',
		     'args' => {
		       'host' => 'host.company.com'
		     }
		   }
		 ]
	       }
	     }
	   }
	 }

       If the Catalyst log object is compatible with the Authen::Simple log object, Authen::Simple classes will log through Catalyst.

   new
       Called by Catalyst::Authentication. Instances the Authen::Simple classes read from the configuration.

   authenticate
	Usage	  : Call $c->authenticate({ username => ..., password => ...});
	Returns   : User object if the credentials are verified successfully. undef if user not authenticated.

AUTHOR

	   Jose Luis Martinez
	   CPAN ID: JLMARTIN
	   CAPSiDE
	   jlmartinez@capside.com
	   http://www.pplusdomain.net

THANKS

       Tobjorn Lindahl, Dylan Martin, Tomas Doran and Inigo Tejedor Arrondo for patches and recommedations

COPYRIGHT

       Copyright (c) 2008 by Jose Luis Martinez Torres

       This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

       The full text of the license can be found in the LICENSE file included with this module.

SEE ALSO

       Authen::Simple and all of the Authen::Simple::XXX classes

perl v5.14.2							    2009-11-16		 Catalyst::Authentication::Credential::Authen::Simple(3pm)
All times are GMT -4. The time now is 04:36 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy