<div dir="ltr">I administer RHEL systems in an environment that is primarily managed by a Windows domain. That is, Active Directory (AD) controls usernames, passwords, and all that jazz. I have my RHEL systems _authenticating_ against AD but that's it. I don't pull user ids, group ids, shells, group memberships, or anything else out of AD. I'm at the point where I want to move in that direction, though. And that's where I'd like some input from the list...<div><br></div><div>I can work with the AD administrator to get whatever attributes added that I need to make such a scenario work. But I wonder if that's worth it. Would it be better to set up a vanilla LDAP server specifically to manage the RHEL users? If I did that, would I be able to pass the authentication along to the AD server but get the details out of the LDAP server? Or should I set up a Kerberos server that communicates with AD in addition to the LDAP server?</div><div><br></div><div>What are you guys' experiences in this regard? How did you solve this problem?<br clear="all"><div><br></div>-- <br>James Sumners<br><a href="http://james.roomfullofmirrors.com/">http://james.roomfullofmirrors.com/</a><br><br>"All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptible. Such people have a tendency to become drunk on violence, a condition to which they are quickly addicted."<br><br>Missionaria Protectiva, Text QIV (decto)<br>CH:D 59
</div></div>