| Outline | ||
|---|---|---|
 | Linux Authenticating against Active Directory |  |
| Outline | ||
|---|---|---|
| | Linux Authenticating against Active Directory | |
AD's LDAP and Kerberos services are of interest to the UNIX admin.
First step is to get Kerberos set up well enough to have kinit work. We demonstrate that in .
In , we use command line ldapsearch to look at the LDAP tree AD serves.
The authenticiation for ldapsearch may be simple bind, but it may also be in the form of a Kerberos ticket, which is why Kerberos setup came first.
With ldapsearch we can look around in the LDAP tree that represents the AD domain.
I show how to fetch some useful information.
Having Kerberos and LDAP working thus far enables us to integrate LDAP UID lookup into nsswitch.
We do so in .
In we do exactly the same, but now with sss instead of nsswitch.
We make a small excursion showing that an AD Kerberos ticket can be used to access a Windows share in .
| |  | |
| Prerequisites |  | Kerberos may need AD nameserving |