On 30 Jan 2013 at 21:36:40, aragonx@xxxxxxxxxx wrote:
> I've just set up a pair of Fedora 18 boxes that I could use
> some help with getting them to join the active directory domain we have at
> work (2008 I think). What I would like is for users in a particular
> group in AD to be allowed to log into the Fedora 18 boxes without me having
> to create accounts (and manage passwords) on the Fedora boxes. Is
> that possible?

It is certainly possible. Depending on how far you want to go, there is
a lot you can do.

The minimum I would suggest is that you use the AD as an authentication
source via krb. You'll need to know what the AD domain controllers are
called and then use something like authconfig; it has command line
options, e.g.

    authconfig --enablekrb5 --krb5kdc=ADdc.domain --enablekrb5kdcdns \
        --krb5realm=DOMAIN --enablecache --enableshadow

At least then you are out of the password management business.

Getting users from the AD via LDAP also works although it helps if you
can do that without authentication (unlikely). There are ldap options
for authconfig as well. Your users will have to have the AD attributes

    uidNumber: <unique-uid>
    gidNumber: <unique-gid>
    unixHomeDirectory: /home/<user>
    loginShell: /bin/bash or zsh or tcsh, etc

added to their AD entries.

We have had success doing this and even doing a full AD join via samba.
I think F18 has more integration options but my experience has been
with RHEL, CentOS and earlier versions of Fedora.

        Anthony

--
Anthony R Fletcher
  Room 2033, Building 12A,        http://dcb.cit.nih.gov/~arif
  National Institutes of Health,  arif@xxxxxxxxxxxx
  12A South Drive, Bethesda,      Phone: (+1) 301 402 1741.
  MD 20892-5624, USA.
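
Added example, not part of the original message: a check that lists directory entries still missing any of the four POSIX attributes named in the reply, so accounts that would fail to resolve on the Fedora hosts are found before users try to log in. It reads LDIF on stdin; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads LDIF on stdin and lists entries that lack any of the
# four POSIX attributes named in the message. Function names are hypothetical.

missing_posix_attrs() {
    awk '
    function flush(   i, n, miss, req) {
        if (dn != "") {
            n = split("uidNumber gidNumber unixHomeDirectory loginShell", req, " ")
            miss = ""
            for (i = 1; i <= n; i++)
                if (!(tolower(req[i]) in seen)) miss = miss " " req[i]
            if (miss != "") print dn ":" miss
        }
        dn = ""
        split("", seen)                # portable way to empty the array
    }
    /^#/ || /^ / { next }              # comments and folded continuation lines
    /^$/ { flush(); next }             # a blank line ends the entry
    {
        p = index($0, ":")
        if (p == 0) next
        name = tolower(substr($0, 1, p - 1))   # LDAP attribute names ignore case
        val = substr($0, p + 1)
        sub(/^:? */, "", val)          # also accepts the base64 "name:: value" form
        if (name == "dn") dn = val
        else if (val != "") seen[name] = 1     # an empty value counts as missing
    }
    END { flush() }
    '
}

# Constructed sample entries (not real accounts): alice is complete, bob is not.
sample_ldif() {
    cat <<'EOF'
dn: CN=alice,OU=Staff,DC=example,DC=com
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/alice
loginShell: /bin/bash

dn: CN=bob,OU=Staff,DC=example,DC=com
uidNumber: 10002
unixHomeDirectory: /home/bob
EOF
}

sample_ldif | missing_posix_attrs
```

Folded LDIF lines are skipped rather than rejoined, so a DN long enough to wrap is reported truncated.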