Likewise will allow you to restrict login based on Group Membership. For 5.3 users, go to /etc/likewise/lsassd.conf and modify 'require-membership-of'. If you're using version 5.4 or 6, you'll need to use lwregshell to modify the value. Let me know if you need any help. Once you've modified the value, you'll need to refresh lsassd's configuration (/opt/likewise/bin/lw-refresh-configuration). Sorry my previous post didn't have a proper subject line. Joshua McClintock Likewise Community Engineer Likewise Software, Inc. Red Hat Certified Engineer (805009758142176) ************************************************************************ Message: 14 Date: Fri, 6 Aug 2010 11:00:46 -0400 (EDT) From: "Mike Burger" <mburger@xxxxxxxxxxxxxxxxx> To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx> Subject: Re: Using Centrify or Likewise for authenticating against AD Message-ID: <54abd1dd3d896c0ec5f11d6f3962dc9e.squirrel@xxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain;charset=iso-8859-1 FWIW, I tried Likewise...my organization wound up just adding Kerberos to AD, and using AD as a Kerberos authentication server. The problem I had with Likewise was that any AD user could log into my Linux and Unix servers with Likewise enabled...we didn't seem to be able to restrict them. Using AD auth via Kerberose meant that local authorization was in play with remote authentication (if the account doesn't exist on the box, they can not log in...period). > Thanks for both the replies. > > I'm planning on testing Centrify Express in a couple of weeks. Found a > site > http://www.workswithu.com/2010/07/23/active-directory-integration-centri fy-express-vs-likewise/ > that > compares Centrify against Likewise, and they both seem like good > alternatives, but I'm gonna start testing Centrify Express and then > perhaps > test Likewise. > > > - Kenneth > > On Tue, Aug 3, 2010 at 6:48 PM, Ryan Vong <ryan.vong@xxxxxxxxxxxx> wrote: > >> Hi Kenneth, >> >> See if this helps http://www.centrify.com/express >> It's a free tool from Centrify...comes with a mgmt utility that >> automates >> the discovery of the servers and installs the necessary bits to join >> them to >> AD. >> >> >> Cheers, >> Ryan >> >> >> >> >> -- >> redhat-list mailing list >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >> https://www.redhat.com/mailman/listinfo/redhat-list >> > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
