Ask The Enterprise Linux Expert: Questions & Answers

ID management with Active Directory

EXPERT RESPONSE FROM: Kenneth Milberg

QUESTION POSED ON: 26 March 2007
We want to consolidate all our identity management for our *nix servers with our existing Active Directory infrastructure. While commercial products, such as Centrify's DirectControl, will do this for a price, most operating systems (e.g., Solaris) have native support for the underlying technologies used by AD: Kerberos and LDAP. Could you offer some advice on how such an integration can be performed?


You're definitely on the right track when you mention LDAP. Lightweight Directory Access Protocol (LDAP) is very popular with all Unix and Linux systems. The clients themselves use either LDAP alone, or LDAP with Kerberos, to allow them to achieve all their user management requirements. LDAP provides a centralized method of maintaining system configuration and policy information, and also simplifies systems administration.

First, you must understand that each Unix or Linux distribution will have its own client methodology of integrating services with Active Directory. For example, let's look at AIX, IBM's Unix, which can be configured to allow the Unix servers to become clients to the LDAP servers running Microsoft Active Directory Server, IBM Tivoli Directory Servers and various other directory servers.

To allow AIX clients to authenticate against Active Directory, one must install "Windows services for Unix" on an Active Directory services-based system, then configure the AIX 5L clients. The AIX 5L operating system supports Active Directory services running on both Windows 2000 and 2003. You would need Services for Unix schema Version 3.0 and 3.5. You would also need to install an APAR (fixpack) to allow for this support. The APAR is IY91514 and after it is installed, it allows the support of Active Directory with the Windows 2003 R2 schema.

AIX supports two user authentication mechanisms against Windows servers, either Kerberos or LDAP authentication and Kerberos authentication. Either method allows client support with no requirement for a corresponding user account on the Unix server. On the Windows Server, you will need to make sure that Active Directory has the Unix support schema installed. You would also need to make sure that the users are Unix-enabled and, if you have chosen Kerberos authentication, a host principal should be created on the Windows server.

To configure the client itself, you would use the mksecldap command to configure the clients against the Active Directory server. Type:

# mksecldap

Do a man on this command for more options. The -c option configures the client. To set all users on the local host so that they authenticate through LDAP, type:

mksecldap -c -u ALL

For more information, look at the IBM Redbook that takes you through a step-by-step process of configuring the clients. Good luck!
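
An added example, not part of the original answer and not IBM or Microsoft code: a Python audit of an LDIF export of AD users that checks the "Unix-enabled" prerequisite mentioned in the answer and, going slightly beyond it, flags accounts that map to UID 0 or share a UID. The attribute names are the SFU 3.0/3.5 and Windows 2003 R2 Unix attributes, which do not appear on this page; the sample entries, `example.com`, and the function names are constructed for illustration.

```python
# Added example (not from the original answer): audit AD users before AIX clients trust them.
from collections import defaultdict

# Unix attributes per schema (lowercased): SFU 3.0/3.5 vs. Windows 2003 R2 names.
SCHEMAS = {
    "sfu30": ("mssfu30uidnumber", "mssfu30gidnumber", "mssfu30homedirectory", "mssfu30loginshell"),
    "r2": ("uidnumber", "gidnumber", "unixhomedirectory", "loginshell"),
}

# Constructed sample export; example.com and all accounts are placeholders.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
uidNumber: 10001
gidNumber: 100
unixHomeDirectory: /home/alice
loginShell: /usr/bin/ksh

dn: CN=bob,CN=Users,DC=example,DC=com
uidNumber: 10001
gidNumber: 100
unixHomeDirectory: /home/bob
loginShell: /usr/bin/ksh

dn: CN=carol,CN=Users,DC=example,DC=com
sAMAccountName: carol
"""

def parse_ldif(text):
    """Minimal parser: blank-line separated entries, no base64 or folded lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (l.split(": ", 1) for l in block.splitlines() if ": " in l)
        entries.append({k.lower(): v.strip() for k, v in pairs})
    return [e for e in entries if "dn" in e]

def audit(entries, schema="r2"):
    """Return (dn, finding) pairs: not Unix-enabled, UID 0, or shared UID."""
    required, findings, by_uid = SCHEMAS[schema], [], defaultdict(list)
    for e in entries:
        if not all(a in e for a in required):
            findings.append((e["dn"], "not Unix-enabled"))
            continue
        by_uid[int(e[required[0]])].append(e["dn"])
    for uid, dns in by_uid.items():
        if uid == 0 or len(dns) > 1:
            label = "maps to UID 0 (root)" if uid == 0 else f"shares UID {uid}"
            findings += [(dn, label) for dn in dns]
    return findings
```

Calling `audit(parse_ldif(SAMPLE_LDIF), "r2")` reports carol as not Unix-enabled and alice and bob as sharing UID 10001; pass `"sfu30"` when the directory uses the SFU 3.0/3.5 schema.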


All Rights Reserved, Copyright 2003 - 2009, TechTarget