Security
WORKSHOP
Modular Authentication for Linux

  March 4, 2002
  By Jeremy Impson

Windows Domain Authentication in PAM

To authenticate any service in a Linux system against a Microsoft Windows domain, you need a PAM module that is not available from the Red Hat 7.2 Linux installation CD. Download it from ftp://ftp.samba.org/pub/samba/pam_smb/. As of this writing, version 1.1.6 is the latest. Put it on your Linux system, then run the following commands:

tar zxvf pam_smb-1.1.6.tar.gz

cd pam_smb

./configure

make

cp pam_smb_auth.so /lib/security/

You'll need to edit the file /etc/pam_smb.conf so it looks like this:

DOMAIN

PDC

BDC1

BDC2

DOMAIN is the name of the Windows domain, and PDC is the NetBIOS name of the primary domain controller. The BDC lines, which give the NetBIOS names of backup domain controllers, are optional. In fact, any Windows NT or 2000 server can be used here, as long as it is in the same domain. By using the PDC and BDCs, you can be sure there is always a server up and responding. Finally, edit the file /etc/hosts and add the following lines:

192.168.1.1 pdc.domain.net pdc

192.168.1.2 bdc1.domain.net bdc1

192.168.1.3 bdc2.domain.net bdc2

The IP addresses you use are those of your PDC and BDCs, and the FQDNs (Fully Qualified Domain Names, such as pdc.domain.net) are the actual DNS names of those computers. The final name on each line is the NetBIOS name. This last step may not be necessary if the NetBIOS names match the DNS host name for each domain controller and if the Linux server resolves (via DNS) the domain controllers' names without using the fully qualified domain name. In other words, if the PDC's NetBIOS name is PDC, then on the Linux server you should be able to type ping pdc and get a ping response. If not, you must edit /etc/hosts as described above. Then running ping pdc should work, as should pam_smb. See us1.samba.org/samba/ftp/docs/textdocs/ENCRYPTION.txt for more information on how the challenge-response authentication in a Windows domain works.
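The configuration steps above can be checked before any service is switched over to pam_smb. The following script is an added example, not part of the original article or of pam_smb; the function names lookup_name and check_pam_smb are hypothetical, and it assumes the file layout shown above (domain on the first line, PDC on the second, optional BDCs after that).

```shell
#!/bin/sh
# Added example (not from the article): pre-flight check for pam_smb.
# Assumed layout, as in the article: line 1 = domain, line 2 = PDC,
# remaining lines = optional BDCs.

# lookup_name NAME [HOSTS_FILE]: print the address NAME maps to, or nothing.
# With HOSTS_FILE only that file is read; otherwise getent asks the resolver.
lookup_name() {
    if [ -n "${2:-}" ]; then
        awk -v want="$1" '
            { sub(/#.*/, "") }                       # strip comments
            { for (i = 2; i <= NF; i++)
                  if (tolower($i) == tolower(want)) { print $1; exit } }
        ' "$2"
    else
        getent hosts "$1" | awk '{ print $1; exit }'
    fi
}

# check_pam_smb CONF [HOSTS_FILE]: returns 0 when every controller name
# resolves, 1 when any does not, 2 when CONF is unreadable or too short.
check_pam_smb() {
    conf=$1; hosts=${2:-}; missing=0; count=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    # Drop CRs and blank lines so a file saved on Windows still parses.
    for name in $(tr -d '\r' < "$conf" | awk 'NF { print $1 }'); do
        count=$((count + 1))
        if [ "$count" -eq 1 ]; then
            echo "domain: $name"
            continue
        fi
        addr=$(lookup_name "$name" "$hosts")
        if [ -n "$addr" ]; then
            echo "ok: $name -> $addr"
        else
            echo "UNRESOLVED: $name"
            missing=$((missing + 1))
        fi
    done
    [ "$count" -ge 2 ] || { echo "need DOMAIN and PDC lines"; return 2; }
    [ "$missing" -eq 0 ]
}

# Run against a real file when given arguments, e.g.:
#   sh check_pam_smb.sh /etc/pam_smb.conf
if [ $# -gt 0 ]; then check_pam_smb "$@"; fi
```

Called with only the configuration file, the check goes through the system resolver, so it covers both the /etc/hosts case and the case where DNS already resolves the short names.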

