FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 08-03-2010, 09:30 AM
Kenneth Holter
 
Default Using Centrify or Likewise for authenticating against AD

Hi all.


I've come across Centrify and Likewise as possible solutions for
having our RHEL servers authenticating against AD, instead of tweaking
our systems manually to set them up correctly. For those of you who
have used these products, what is your experience with these, and what
pros/cons have you come across?


Best regards,
Kenneth Holter

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-03-2010, 11:40 AM
"Paul M. Whitney"
 
Default Using Centrify or Likewise for authenticating against AD

I have limited experience with both. They both offer similar capabilities. However, if all you are looking for is basic authentication with password policy from AD server enforced, then Likewise offers a free version called Likewise Open.

Good luck,

Paul W.


On Aug 3, 2010, at 5:30 AM, Kenneth Holter wrote:

> Hi all.
>
>
> I've come across Centrify and Likewise as possible solutions for
> having our RHEL servers authenticating against AD, instead of tweaking
> our systems manually to set them up correctly. For those of you who
> have used these products, what is your experience with these, and what
> pros/cons have you come across?
>
>
> Best regards,
> Kenneth Holter
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-03-2010, 04:48 PM
Ryan Vong
 
Default Using Centrify or Likewise for authenticating against AD

Hi Kenneth,

See if this helps http://www.centrify.com/express
It's a free tool from Centrify...comes with a mgmt utility that automates the discovery of the servers and installs the necessary bits to join them to AD.


Cheers,
Ryan




--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-06-2010, 02:06 PM
Kenneth Holter
 
Default Using Centrify or Likewise for authenticating against AD

Thanks for both the replies.

I'm planning on testing Centrify Express in a couple of weeks. Found a site
http://www.workswithu.com/2010/07/23/active-directory-integration-centrify-express-vs-likewise/
that
compares Centrify against Likewise, and they both seem like good
alternatives, but I'm gonna start testing Centrify Express and then perhaps
test Likewise.


- Kenneth

On Tue, Aug 3, 2010 at 6:48 PM, Ryan Vong <ryan.vong@centrify.com> wrote:

> Hi Kenneth,
>
> See if this helps http://www.centrify.com/express
> It's a free tool from Centrify...comes with a mgmt utility that automates
> the discovery of the servers and installs the necessary bits to join them to
> AD.
>
>
> Cheers,
> Ryan
>
>
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-06-2010, 03:00 PM
"Mike Burger"
 
Default Using Centrify or Likewise for authenticating against AD

FWIW, I tried Likewise...my organization wound up just adding Kerberos to
AD, and using AD as a Kerberos authentication server.

The problem I had with Likewise was that any AD user could log into my
Linux and Unix servers with Likewise enabled...we didn't seem to be able
to restrict them. Using AD auth via Kerberose meant that local
authorization was in play with remote authentication (if the account
doesn't exist on the box, they can not log in...period).

> Thanks for both the replies.
>
> I'm planning on testing Centrify Express in a couple of weeks. Found a
> site
> http://www.workswithu.com/2010/07/23/active-directory-integration-centrify-express-vs-likewise/
> that
> compares Centrify against Likewise, and they both seem like good
> alternatives, but I'm gonna start testing Centrify Express and then
> perhaps
> test Likewise.
>
>
> - Kenneth
>
> On Tue, Aug 3, 2010 at 6:48 PM, Ryan Vong <ryan.vong@centrify.com> wrote:
>
>> Hi Kenneth,
>>
>> See if this helps http://www.centrify.com/express
>> It's a free tool from Centrify...comes with a mgmt utility that
>> automates
>> the discovery of the servers and installs the necessary bits to join
>> them to
>> AD.
>>
>>
>> Cheers,
>> Ryan
>>
>>
>>
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>


--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:

https://www.bubbanfriends.org/mailman/listinfo/site-update

or send a blank email message to:

site-update-subscribe@bubbanfriends.org

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-06-2010, 06:08 PM
"Joshua McClintock"
 
Default Using Centrify or Likewise for authenticating against AD

Likewise will allow you to restrict login based on Group Membership.
For 5.3 users, go to /etc/likewise/lsassd.conf and modify
'require-membership-of'. If you're using version 5.4 or 6, you'll need
to use lwregshell to modify the value. Let me know if you need any
help. Once you've modified the value, you'll need to refresh lsassd's
configuration (/opt/likewise/bin/lw-refresh-configuration). Sorry my
previous post didn't have a proper subject line.


Joshua McClintock
Likewise Community Engineer
Likewise Software, Inc.
Red Hat Certified Engineer (805009758142176)


************************************************** **********************
Message: 14
Date: Fri, 6 Aug 2010 11:00:46 -0400 (EDT)
From: "Mike Burger" <mburger@bubbanfriends.org>
To: "General Red Hat Linux discussion list" <redhat-list@redhat.com>
Subject: Re: Using Centrify or Likewise for authenticating against AD
Message-ID:

<54abd1dd3d896c0ec5f11d6f3962dc9e.squirrel@www.bub banfriends.org>
Content-Type: text/plain;charset=iso-8859-1

FWIW, I tried Likewise...my organization wound up just adding Kerberos
to
AD, and using AD as a Kerberos authentication server.

The problem I had with Likewise was that any AD user could log into my
Linux and Unix servers with Likewise enabled...we didn't seem to be able
to restrict them. Using AD auth via Kerberose meant that local
authorization was in play with remote authentication (if the account
doesn't exist on the box, they can not log in...period).

> Thanks for both the replies.
>
> I'm planning on testing Centrify Express in a couple of weeks. Found a
> site
>
http://www.workswithu.com/2010/07/23/active-directory-integration-centri
fy-express-vs-likewise/
> that
> compares Centrify against Likewise, and they both seem like good
> alternatives, but I'm gonna start testing Centrify Express and then
> perhaps
> test Likewise.
>
>
> - Kenneth
>
> On Tue, Aug 3, 2010 at 6:48 PM, Ryan Vong <ryan.vong@centrify.com>
wrote:
>
>> Hi Kenneth,
>>
>> See if this helps http://www.centrify.com/express
>> It's a free tool from Centrify...comes with a mgmt utility that
>> automates
>> the discovery of the servers and installs the necessary bits to join
>> them to
>> AD.
>>
>>
>> Cheers,
>> Ryan
>>
>>
>>
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-08-2010, 05:50 PM
Eugene Vilensky
 
Default Using Centrify or Likewise for authenticating against AD

On Fri, Aug 6, 2010 at 1:08 PM, Joshua McClintock
<jmcclintock@likewise.com> wrote:
> Likewise will allow you to restrict login based on Group Membership.
> For 5.3 users, go to /etc/likewise/lsassd.conf and modify
> 'require-membership-of'. *If you're using version 5.4 or 6, you'll need
> to use lwregshell to modify the value. *Let me know if you need any
> help. *Once you've modified the value, you'll need to refresh lsassd's
> configuration (/opt/likewise/bin/lw-refresh-configuration). *Sorry my
> previous post didn't have a proper subject line.

Hi Joshua,

Will this setting also change the default group ownership for newly
created files, or is there a related setting?

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-09-2010, 05:08 PM
"Joshua McClintock"
 
Default Using Centrify or Likewise for authenticating against AD

No it will not, that's more of a Linux thing you can do at the file
system level.

Try this:

mkdir /tmp/test
chgrp yourgroup /tmp/test
chmod 2775 /tmp/test
touch /tmp/test/foo
ls -l /tmp/test/foo

You should notice that /tmp/test/foo inherited the group ownership of
/tmp/test.


Joshua McClintock
Likewise Community Engineer
Likewise Software, Inc.
Red Hat Certified Engineer (805009758142176)

************************************************** **********************
********
Message: 1
Date: Sun, 8 Aug 2010 12:50:43 -0500
From: Eugene Vilensky <evilensky@gmail.com>
To: General Red Hat Linux discussion list <redhat-list@redhat.com>
Subject: Re: Using Centrify or Likewise for authenticating against AD
Message-ID:
<AANLkTikqXQhNjVLutdUTEz7c4b4xcit-KFHm9-HtCHiB@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Aug 6, 2010 at 1:08 PM, Joshua McClintock
<jmcclintock@likewise.com> wrote:
> Likewise will allow you to restrict login based on Group Membership.
> For 5.3 users, go to /etc/likewise/lsassd.conf and modify
> 'require-membership-of'. ?If you're using version 5.4 or 6, you'll
need
> to use lwregshell to modify the value. ?Let me know if you need any
> help. ?Once you've modified the value, you'll need to refresh lsassd's
> configuration (/opt/likewise/bin/lw-refresh-configuration). ?Sorry my
> previous post didn't have a proper subject line.

Hi Joshua,

Will this setting also change the default group ownership for newly
created files, or is there a related setting?



------------------------------

__
redhat-list mailing list
Unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

End of redhat-list Digest, Vol 78, Issue 8
******************************************

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 03:58 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org