<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<div class="moz-cite-prefix">On 10/30/2014 11:09 AM, Lightner, Jeff
wrote:<br>
</div>
<blockquote
cite="mid:040B89C8B1E1D945AE2700C511A039E9EE5514@ATMEXDB04.dsw.net"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">I
haven’t used it myself but if I were going in this direction
I’d probably engage Centrify. They did presentations at
both AUUG and ALE and most of the folks at both those
presentations seemed to think it was a good solution.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><a
moz-do-not-send="true" href="http://www.centrify.com">http://www.centrify.com</a></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Of
course that’s a commercial solution but you’re paying for
RHEL &amp; Windows anyway. Their web site shows a
TryIt/BuyIt for a 30 day eval.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">If
not going commercial I’d probably investigate Samba for the
Linux side of things.</span></p>
</div>
</blockquote>
<br>
I for one do not like Centrify. We use it. It replaces ssh and at
least ssl with its own packages. Downside: no one can use a
"console" such as single user mode because you are not up and
networked. At least we can't the way we are set up. Most
unsatisfying. Aside from that, Centrify does work. We ran into one
app that the web authentication would not work with the swapped out
libs/packages. Just one. RH IDM is a fraction of the cost (for
us). Check with your RH rep, you may have access to IDM by virtue
of the RHEL subscriptions, again, we do. Not that that stopped us
from deploying the hated Centrify. Windows weenies trying to solve
a Linux problem.<br>
<blockquote
cite="mid:040B89C8B1E1D945AE2700C511A039E9EE5514@ATMEXDB04.dsw.net"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">From:</span></b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">
<a class="moz-txt-link-abbreviated" href="mailto:ale-bounces@ale.org">ale-bounces@ale.org</a> [<a class="moz-txt-link-freetext" href="mailto:ale-bounces@ale.org">mailto:ale-bounces@ale.org</a>]
<b>On Behalf Of </b>James Sumners<br>
<b>Sent:</b> Thursday, October 30, 2014 10:48 AM<br>
<b>To:</b> Atlanta Linux Enthusiasts - Yes! We run Linux!<br>
<b>Subject:</b> [ale] Mixed environments, central
authentication, and central user management?</span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">I administer RHEL systems in an
environment that is primarily managed by a Windows domain.
That is, Active Directory (AD) controls usernames,
passwords, and all that jazz. I have my RHEL systems
_authenticating_ against AD but that's it. I don't pull user
ids, group ids, shells, group memberships, or anything else
out of AD. I'm at the point where I want to move in that
direction, though. And that's where I'd like some input from
the list...<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I can work with the AD administrator to
get whatever attributes added that I need to make such a
scenario work. But I wonder if that's worth it. Would it
be better to set up a vanilla LDAP server specifically
to manage the RHEL users? If I did that, would I be able to
pass the authentication along to the AD server but get the
details out of the LDAP server? Or should I set up a
Kerberos server that communicates with AD in addition to
the LDAP server?</p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">What are you guys' experiences in this
regard? How did you solve this problem?<br clear="all">
</p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <br>
James Sumners<br>
<a moz-do-not-send="true"
href="http://james.roomfullofmirrors.com/">http://james.roomfullofmirrors.com/</a><br>
<br>
"All governments suffer a recurring problem: Power
attracts pathological personalities. It is not that power
corrupts but that it is magnetic to the corruptible. Such
people have a tendency to become drunk on violence, a
condition to which they are quickly addicted."<br>
<br>
Missionaria Protectiva, Text QIV (decto)<br>
CH:D 59 <o:p></o:p></p>
</div>
</div>
</div>
<pre wrap="">_______________________________________________
Ale mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Ale@ale.org">Ale@ale.org</a>
<a class="moz-txt-link-freetext" href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a>
See JOBS, ANNOUNCE and SCHOOLS lists at
<a class="moz-txt-link-freetext" href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
<a class="moz-txt-link-abbreviated" href="mailto:Damon@damtek.com">Damon@damtek.com</a>
404-271-8699
</pre>
</body>
</html>