<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<!-- Template generated by Exclaimer Mail Disclaimers on 11:09:45 Thursday, 30 October 2014 -->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">P.7fa4818c-738d-43c7-986c-2d0bca862c08 {
MARGIN: 0cm 0cm 0pt
}
LI.7fa4818c-738d-43c7-986c-2d0bca862c08 {
MARGIN: 0cm 0cm 0pt
}
DIV.7fa4818c-738d-43c7-986c-2d0bca862c08 {
MARGIN: 0cm 0cm 0pt
}
TABLE.7fa4818c-738d-43c7-986c-2d0bca862c08Table {
MARGIN: 0cm 0cm 0pt
}
DIV.Section1 {
page: Section1
}
</style>
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"></p>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I haven’t used it myself but if I were going in this direction I’d probably engage Centrify. They did presentations at both AUUG and ALE and most of the
folks at both those presentations seemed to think it was a good solution. <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="http://www.centrify.com">http://www.centrify.com</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Of course that’s a commercial solution but you’re paying for RHEL & Windows anyway. Their web site shows a TryIt/BuyIt for a 30 day eval.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If not going commercial I’d probably investigate Samba for the Linux side of things.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> ale-bounces@ale.org [mailto:ale-bounces@ale.org]
<b>On Behalf Of </b>James Sumners<br>
<b>Sent:</b> Thursday, October 30, 2014 10:48 AM<br>
<b>To:</b> Atlanta Linux Enthusiasts - Yes! We run Linux!<br>
<b>Subject:</b> [ale] Mixed environments, central authentication, and central user management?<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">I administer RHEL systems in an environment that is primarily managed by a Windows domain. That is, Active Directory (AD) controls usernames, passwords, and all that jazz. I have my RHEL systems _authenticating_ against AD but that's it.
I don't pull user ids, group ids, shells, group memberships, or anything else out of AD. I'm at the point where I want to move in that direction, though. And that's where I'd like some input from the list...<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I can work with the AD administrator to get whatever attributes added that I need to make such a scenario work. But I wonder if that's worth it. Would it be better to setup a vanilla LDAP server specifically manage the RHEL users? If I
did that, would I be able to pass the authentication along to the AD server but get the details out of the LDAP server? Or should I setup a Kerberos server that communicates with AD in addition to the LDAP server?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">What are you guy's experience in this regard? How did you solve this problem?<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <br>
James Sumners<br>
<a href="http://james.roomfullofmirrors.com/">http://james.roomfullofmirrors.com/</a><br>
<br>
"All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptible. Such people have a tendency to become drunk on violence, a condition to which they are quickly
addicted."<br>
<br>
Missionaria Protectiva, Text QIV (decto)<br>
CH:D 59 <o:p></o:p></p>
</div>
</div>
</div>
<p></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"> </p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><font face="Arial"><font color="fuchsia"><font style="FONT-FAMILY: Arial; FONT-SIZE: 10pt" size="2">Athena<font size="1">®</font>, Created for the Cause</font><font size="1">™
</font></font></font></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><font size="2" face="Arial">Making a Difference in the Fight Against Breast Cancer</font></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><font size="2" face="Arial">_________________________________________________________</font></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><font color="#7d7d7d">CONFIDENTIALITY NOTICE: This e-mail may contain privileged</font></span></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><font color="#7d7d7d">or confidential information and is for the sole use of the intended</font></span></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><font color="#7d7d7d">recipient(s). If you are not the intended recipient, any disclosure,</font></span></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><font color="#7d7d7d">copying, distribution, or use of the contents of this information</font></span></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><font color="#7d7d7d">is prohibited and may be unlawful. If you have received this
</font></span><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><font color="#7d7d7d">electronic</font></span></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><font color="#7d7d7d">transmission in error, please reply immediately to
</font></span><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><font color="#7d7d7d">the sender that</font></span></p>
<p class="7fa4818c-738d-43c7-986c-2d0bca862c08"><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><font color="#7d7d7d">you have received the message in error, and delete it. Thank you.<br>
</p>
</font></span>
<p></p>
<p></p>
<p></p>
</body>
</html>