Linux auth to Active Directory - Using AD Security Groups??

  • Linux auth to Active Directory - Using AD Security Groups??

    Question for anyone that has been involved in doing integration/SSO work between Linux (RedHat mainly) and Active Directory.

    We have worked out how to get LDAP working through PAM to check the logon name and password against AD and process the logon accordingly from there. However, we can't work out how to get Linux/PAM to go one step further and check for the existence of membership of a particular group and only grant access to the Linux shell based upon that membership.

    This is identical to how we do it in Windows: we create a domain global security group and populate it with user accounts. We then assign permissions (NTFS, Local Admin, etc.) to that group. When a user then accesses that resource, the group membership grants the relevant access level from there.

    We are just trying to replicate this in a Linux environment. It's a mixed Windows/Linux environment, and we are already using Security Groups to assign access to Windows resources, and want to use the same methodology for Linux access.

    Thx in advance!
    Last edited by Ryzz; 7th July 2009, 06:14. Reason: Helps if i define what the SSO is between

  • #2
    Re: Linux auth to Active Directory - Using AD Security Groups??

    We have implemented a solution similar to what you are referring to. We currently have a SLES10 SP2 server that authenticates against AD for Samba share access and folder redirection. The share access is controlled by AD group permissions via Kerberos, winbind, PAM and Samba configs.

    When you are adding users to certain security groups, are they being added to AD or the Linux box? Can a user log in to the Linux box using their AD credentials? I think this may be the key.
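
One way to express the group gate asked about in this thread, as an added example that is not from either poster. It assumes the host is already joined to AD with winbind (the stack reply #2 mentions); the domain `EXAMPLE` and the group `linux-shell-users` are placeholder names.

```conf
# --- /etc/pam.d/sshd (excerpt) ---
# Before: any AD account with a valid password is accepted.
#   auth     sufficient   pam_winbind.so use_first_pass
# After: password logins also require membership of the AD group.
# A group SID can be given instead of the name.
auth       sufficient   pam_winbind.so use_first_pass require_membership_of=EXAMPLE\linux-shell-users

# require_membership_of is only evaluated during password authentication,
# so SSH key logins skip it. Enforce the same group in the account phase,
# which sshd runs for every login when "UsePAM yes" is set.
account    required     pam_access.so

# --- /etc/security/access.conf ---
# First matching rule wins. Parentheses mark a group name, resolved via
# NSS/winbind. Assumes "winbind use default domain = yes" in smb.conf so
# the group appears without the EXAMPLE\ prefix.
+ : root : LOCAL
+ : (linux-shell-users) : ALL
- : ALL : ALL
```

Confirm the host resolves the group with `getent group linux-shell-users` before enabling the deny rule, and keep a root session open while testing.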