Hi Everyone, I'm trying to find an open source solution to authenticate a bunch of Linux machines (and, ideally, network devices etc.) against Active Directory, as unfortunately in our organization this is the primary source of account data. The complication we have is that my organization has more than one Active Directory domain, each hosted on its own collection of domain controllers. This breaks every technique I've found for authenticating Linux machines directly against AD. In Windows, users select the relevant domain when they log in to a PC and everyone is happy [there is a trust relationship between our domains].
The current setup is Fedora Directory Server, and PassSync on all our (very, very many) domain controllers with multiple replication agreements (one per AD domain). This seems to work - most of the time - and we then used NIS netgroups to authenticate access to machines. This is a giant mess; adding a machine or user takes a very long time and requires changes in three places. We are unable to get an FDS replica to actually work. A small but significant number of password changes do not sync AD->LDAP. If a user is disabled in AD, this does not appear in FDS. I could go on, but the summary is we really, really hate this setup and are looking to improve it! I played with Samba many years ago but am aware that in recent years it has come along significantly. I know that it can become a Domain Controller (and, therefore, presumably get hold of users' password hashes), but can I trivially authenticate Linux machines against this machine? Ideally without installing anything on a base RHEL machine, but I can install something if required. Any help/advice/comments would be greatly appreciated.

Many thanks,
Alex

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
