Authenticating Unix/Linux with 2k3 AD


Guest

Does anyone know how we can go about authenticating UNIX and LINUX boxes
against 2K3 AD? I am not looking to use WSFU. I would prefer a way to use
an LDAP module with UNIX or LINUX. Has anyone had experience with this, and
if so can you share any information?
 
Joe Flynn said:
Does anyone know how we can go about authenticating UNIX and LINUX boxes
against 2K3 AD? I am not looking to use WSFU. I would prefer a way to use
an LDAP module with UNIX or LINUX. Has anyone had experience with this, and
if so can you share any information?

In theory at least there are two methods:

Make them NTLM clients with some of the SMB
software out there.

Arrange for Kerberos authentication (MIT v5).

I cannot describe the details but either/both should
work with varying degrees of difficulty (NTLM
is likely easier).

Probably the NTLM machines will never have an
"account" but be treated more like Win9x in
"association" with the domain.

With Kerberos trusts, they will likely be in a different
realm and act like a trusted domain.
 
While it is possible to use LDAP for auth, it isn't recommended as it isn't
secure. The mechanisms usually rely on simple binds which are completely clear
text across the network. You want to look at implementing Kerberos if you want
to do it right.

joe
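
An added example, not part of the thread: a small checker that parses an LDAP BindRequest (BER layout per RFC 4511) and flags binds that put the password itself on the wire, which is the simple-bind risk described in the last reply. The function names, the sample DN and the sample password are constructed for illustration.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(pdu, tls=False):
    """Describe one LDAPMessage; None if it is not a BindRequest."""
    tag, msg, _ = read_tlv(pdu)
    if tag != 0x30:                       # LDAPMessage is a SEQUENCE
        return None
    _, _, p = read_tlv(msg)               # messageID
    tag, bind, _ = read_tlv(msg, p)
    if tag != 0x60:                       # [APPLICATION 0] = BindRequest
        return None
    _, _, p = read_tlv(bind)              # protocol version
    _, name, p = read_tlv(bind, p)        # bind DN
    tag, auth, _ = read_tlv(bind, p)      # AuthenticationChoice
    dn = name.decode("utf-8", "replace")
    if tag == 0x80:                       # [0] simple: value is the raw password
        # An empty password is an anonymous/unauthenticated bind: nothing to leak.
        return {"dn": dn, "method": "simple",
                "cleartext_password": bool(auth) and not tls}
    if tag == 0xA3:                       # [3] SASL: first field is the mechanism
        mech = read_tlv(auth)[1].decode("ascii", "replace")
        # PLAIN also carries the password itself; GSSAPI carries Kerberos tokens.
        return {"dn": dn, "method": "sasl:" + mech,
                "cleartext_password": mech.upper() == "PLAIN" and not tls}
    return {"dn": dn, "method": "unknown", "cleartext_password": False}

def tlv(tag, value):                      # short-form encoder (values < 128 bytes)
    return bytes([tag, len(value)]) + value

def bind_request(dn, auth):               # builds the constructed samples below
    body = tlv(0x02, b"\x03") + tlv(0x04, dn) + auth
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, body))

# Constructed sample PDUs (not captured traffic).
SIMPLE = bind_request(b"cn=svc-unix,dc=example,dc=com", tlv(0x80, b"constructed-pw"))
GSSAPI = bind_request(b"", tlv(0xA3, tlv(0x04, b"GSSAPI") + tlv(0x04, b"\x60\x00")))
```

Pass `tls=True` for binds seen after TLS termination (LDAPS or StartTLS), where the same simple bind no longer exposes the password to the network.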
 