Home page logo

basics logo Security Basics mailing list archives

RE: Unix/Linux accounts integrated within AD?
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 29 Aug 2007 17:53:26 -0400

The short answer is yes

There are several ways to do this and several whitepapers and a few
books on it (I've read two books on it, one by Mark Minasi called Linux
for Windows Administrators, and another excellent one by Jeremy
ment/dp/0782144284) on integrating Windows and Linux environments, and
both are very good.  The latter one has more detail on integration than
the former,and there are many, many other books on the subject.

On method is to enable LDAP on the non-Windows side and then use LDAP
tools (on the Windows or Linux side) to manage the users and passwords.
You can also install Services for Unix (or whatever it is called
depending on the version) and manage the whole thing from Windows.

There are many other methods. All of them take a little work, and none
of the solutions are perfect. For the most part you don't get things
like Group Policy on the Linux side (unless you buy Novell's SUSE), but
you can manage user accounts, passwords, and the like across
environments. Plenty of caveats, but its easier than managing two
different systems.


*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Windows Vista Security: Securing Vista Against Malicious
Attacks (Wiley)

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Dummy cerberus
Sent: Wednesday, August 29, 2007 2:44 AM
To: security-basics () securityfocus com
Subject: Unix/Linux accounts integrated within AD?


First of all, thank you very much for your help wit my question about
GPOs and so on... your answers helped me a lot...

Now I have the following question: I have found that my organization has
several kind of OS installed on computers... most of them are
W2K/W2K3 integrated within a W2K domain...

Since admins have to remember lots of accounts/passwords for the W2K*
servers, and the others with Linux, HP-UX, Solaris, etc... I have found
that most of the passwords are too simple, and repeated all over the
non-W2K* systems...

I have tried with a password manager, but some times we lost a valuable
time searching for the strong password for one system at the password
manager software...

Is there anyway to integrate the OS accounts of UNIX-like sysetms with
an AD?

Best regards

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]