Authenticate Linux/Unix to Active Directory

If you need guidance on a Microsoft technology, we probably have a Solution Accelerator for that!  Today’s guide is brought to you by the letter “authentication”.

Now… If you operate in a heterogeneous environment, you may one day be tasked with making your Linux boxes talk to Active Directory.  The Windows Security and Directory Services for UNIX Guide has everything you need to do so, walking you through the steps to reach one of 5 “end states”.

End State 1. UNIX clients use Active Directory Kerberos for authentication but continue to use a UNIX-based store for authorization.

End State 2. UNIX clients use Active Directory Kerberos for authentication and use Active Directory Lightweight Directory Access Protocol (LDAP) for authorization.

End State 3. UNIX clients use Active Directory LDAP for authentication but continue to use a UNIX-based store for authorization.

End State 4. UNIX clients use Active Directory LDAP for both authentication and authorization.

End State 5. A cross-realm trust is established between UNIX-based Kerberos and Active Directory–based Kerberos in UNIX and Windows infrastructures that remain separate. Windows and UNIX clients each authenticate to their own Kerberos Key Distribution Center (KDC) and (if the trust is two-way) can then access resources hosted by computers on the other side.
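As an added illustration (not code from the guide or from this post), the sketch below classifies a UNIX host into end states 1 through 4 by reading its PAM auth stack and its nsswitch.conf. It assumes the classic `pam_krb5`/`pam_ldap` modules and the `ldap` name-service source, treats the `passwd`/`group` source as the authorization store, and uses constructed sample files; end state 5 is a realm-level trust and cannot be read from these two files.

```python
import re

# (authentication method, authorization store) -> end state from the list above.
END_STATES = {("kerberos", "unix"): 1, ("kerberos", "ldap"): 2,
              ("ldap", "unix"): 3, ("ldap", "ldap"): 4}

# Constructed samples in /etc/pam.d/* and /etc/nsswitch.conf syntax.
SAMPLE_PAM = """\
auth  required    pam_env.so
auth  sufficient  pam_krb5.so
auth  sufficient  pam_unix.so use_first_pass
"""
SAMPLE_NSS = """\
passwd: files ldap
group:  files ldap
hosts:  files dns
"""

def _active_lines(text):
    """Yield config lines with comments and blank lines removed."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def auth_method(pam_text):
    """Return 'kerberos', 'ldap', 'mixed' or None for a PAM auth stack."""
    found = set()
    for line in _active_lines(pam_text):
        fields = line.split()
        if fields[0].lstrip("-") != "auth":
            continue  # only the auth stack decides how identity is proven
        if any("pam_krb5" in f for f in fields):
            found.add("kerberos")
        if any("pam_ldap" in f for f in fields):
            found.add("ldap")
    if len(found) > 1:
        return "mixed"  # both back ends active: not one of the clean end states
    return found.pop() if found else None

def authz_store(nsswitch_text):
    """Return 'ldap' if passwd or group lookups consult LDAP, else 'unix'."""
    for line in _active_lines(nsswitch_text):
        db, _, sources = line.partition(":")
        if db.strip() in ("passwd", "group") and "ldap" in re.findall(r"[a-z_]+", sources):
            return "ldap"
    return "unix"

def classify(pam_text, nsswitch_text):
    """Map a host's PAM and nsswitch configuration to end state 1-4, or None."""
    return END_STATES.get((auth_method(pam_text), authz_store(nsswitch_text)))

if __name__ == "__main__":
    print("end state:", classify(SAMPLE_PAM, SAMPLE_NSS))
```

A result of `None` means the host matches none of the four patterns (for example both modules active, or neither) and needs a manual look.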

Figure 1.1. Active Directory's central role in supporting a network infrastructure

From the guide:

Many organizations today include computers running both UNIX and Microsoft® Windows® operating systems in their network environments. Ensuring the security of information located on either type of network infrastructure requires validating every user’s identity and specifying which network data each user can access.

Currently, most organizations with heterogeneous environments maintain separate systems for Windows and UNIX to authenticate a user’s identity when the user logs on to the network (or authenticates to an application server) and to determine which network resources an authenticated user is authorized to access. Maintaining these separate systems incurs administrative overhead and requires users to log on separately to each system or service that they want to access.

The goal of this guide is to demonstrate that it is both feasible and advantageous to integrate Windows and UNIX more closely than the basic interoperation at the network level that is enabled by the fact that both are TCP/IP-based operating systems. Specifically, this guide describes how to integrate Windows and UNIX at the level of authentication (determining the identity of a user before allowing the user to log on) and, optionally, authorization (determining whether an authenticated user is authorized to access a given resource on the network).

This chapter provides a brief introduction to the following topics:

• The central role of the Active Directory® directory service in identity and access management.

• Overview of authentication and authorization.

• End states for integrating Windows and UNIX.

Get the rest here:

Comments (6)

  1. Anonymous says:

    Linux/Unix Authentication Against Active Directory

  2. Anonymous says:

    Any idea where there might be an update that uses Windows Server 2008?

  3. Sean Tapscott says:

    It doesn’t seem complete. Missing end states 3-5. Want to use end state 5; Kerberos realm trust.
