Central authentication server

 
Thread Tools Search this Thread
Operating Systems Linux Red Hat Central authentication server
# 1  
Old 06-19-2014
Central authentication server

Hi guys

In the firm we are running Windows and Linux server. Currently all servers are using the same usernames and password and from my opinion is we are running bad and non secure practice.

I was looking some documentation and I think best solution is to use SAMBA/LDAP/Kerberos to act as domain controller. I know Windows has active directory but my primary target is Linux.

Also, I never implemented this kind of enterprise system so my questions are

1. Can I get login once infrastructure (login just once and get all corporate services) ?
2. Can LDAP users login to Windows and Linux ? What about RDBMS (We have all major names of the market) ?
3. Is possible to build WEB interface for adding/removing users and groups from LDAP ?

I really don't know anything about those mentioned systems so I'm asking a lot of questions
# 2  
Old 06-19-2014
Login once and get to all hosts... sure. Let's say you have a Windows domain, you login to the Windows Domain from your Windows client, it loads your SSH key off a secure area only you have access to and then you can PuTTY into the Linux hosts without typing a password... that's just one solution.

Single source of auth (a step down from SSO above) is possible as well... that is, you have to use your Windows username and password to log into the clients/servers regardless of whether they are Linux or Windows. Samba 3 supports this using winbind, but there are LDAP and AD ways to do this as well. But winbind is your friend IMHO.

Ah... finally with regards to a web interface for manipulating Windows AD... this is harder than it seems. LDAP is easy to manipulate, but passwords (which isn't LDAP) is a bit more difficult. Most people on a Windows network use Exchange for their email, so they just use OWA which allows you to change your password. With that said, I don't use Exchange here... it's an issue on our plate currently.
# 3  
Old 06-24-2014
Take a look at RedHat Identity Management. It does most of what you need and has a web interface that both admins and users can use. It can work with AD, also. I got Solaris 10 to use it for authentication. It does services, automount, pretty much the full gamut and well documented.
# 4  
Old 06-28-2014
We don't use Red Hat Linux but CentOS. I have OwnCloud, Tiki, some build servers (TeamCity) and I'm will build some kind of internal service for tracking licences we gave to our programmers. Most of the technology is open source so I don't to buy any kind of licence if I can use Kerberos/LDAP/Samba to get what I need.

I just don't understand how I can forward credentials to other services.
# 5  
Old 06-30-2014
Then look at 389 directory server.
# 6  
Old 07-01-2014
Have a look at sssd which is a systems and security services daemon. That is the "modern" way of doing user authentication in the Linux world.

My advice to you is avoid Samba if you can.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Cannot login to SMB Server/Authentication denied

Hello, I have problems seting up SMB server in Solaris 11.3. I had SMB working previously on Solaris 11 (updated to 11.3), but a bad harddisk crash forced me to install Solaris again from scratch and I cannot get it working properly. I have imported the previous zfs pool with share.smb set... (7 Replies)
Discussion started by: Zorken
7 Replies

2. Solaris

Configuring central logging server for network devices

Hi I am very well aware of configuring central logging (syslog)server on solaris to capture logs of other solaris servers. But don't know how to capture the logs of network devices like Juniper , cisco etc on solaris server. Is this possible through syslog server of solaris. Is there any way we... (1 Reply)
Discussion started by: amity
1 Replies

3. Linux

How to connect Linux server (configure two way authentication) with Windows server?

Hi my name is Manju. ->I have configure the two way authentication on my linux server. ->Now I am able to apply two way authenticator on particuler user. ->Now I want to map this linux server to my AD server. ->Kindly tell me how to map AD(Active Directory) with this linux server. ... (0 Replies)
Discussion started by: manjusharma128
0 Replies

4. Linux

Ssh authentication using 389 Directory server

I am trying LDAP authentication for users logged in CentOS by PAM. Also I have disabled(off) nsslapd-anonymous-access flag to restrict anonymous access by providing the binddn and bindpw. I have changed binddn and bindpw in /etc/ldap.conf for PAM to bind with LDAP to authenticate user. ie) When... (1 Reply)
Discussion started by: shri_22ram
1 Replies

5. Solaris

Help to setup Central server for Solaris10.

Hi Experts, In our env, we have around 100 more solaris 8,9,10 servers, we quaterly apply patches & emergency fixes, for this we take prior OS Ufsdump bkp, In order to reduce the efforts to go DC & load each time the tapes on all servers & take the ufsdump backup, we planned to set up a... (2 Replies)
Discussion started by: fizan
2 Replies

6. Shell Programming and Scripting

How to connect to FTP server which requires SSL authentication?

Hello, I tried searching through lot of threads for a solution but couldn't fetch the exact solution, so I am creating a new thread. I am trying to connect to a FTP server 1) using a simple FTP command, it gives the error : 534 Policy requires SSL. Login failed. 2) using SFTP... (19 Replies)
Discussion started by: amitshete
19 Replies

7. Red Hat

microsoft Server 2008 Active authentication to a linux server

Hi, Please could someone advise I'm trying to use winscp from a Window server 2008 R2, but i need to add the authentication key to access the linux rh 5.4 servers ? What is the best way of approaching this ? If there are any web links that could help me do this, that would be good. ... (1 Reply)
Discussion started by: venhart
1 Replies

8. UNIX and Linux Applications

Regarding NFS server username/password authentication

Hi; I had set up NFS server in one ubuntu box and mounted few directories using it. In order to access those directories across the network i m using j-ftp(an open source java network client) from other boxes in the same network.I am able to view my mounted directories in the server through it.... (1 Reply)
Discussion started by: ajaypadvi
1 Replies

9. Filesystems, Disks and Memory

Central Backup Server

Hi , I have several Linux Servers , and now i want to run a Central backup server. . I'm looking forward finding an enterprise solution for this affair . there are different types of data on this servers, like : Mysql databases , mail server, web server , Cacti and MRTG graphs , ... I find some... (1 Reply)
Discussion started by: nasser
1 Replies

10. IP Networking

Authentication WAP with RADIUS Server

Network Configuration Figure http://geocities.com/fy_heng/test1.JPG Dear all, I currently performing an testing using the above network configuration (Please click on the above link). On how actually the RADIUS server can authenticate the user who connect to the WAP (wireless access point)... (0 Replies)
Discussion started by: Paris Heng
0 Replies
Login or Register to Ask a Question