Sponsored by
Configuring Linux and Macs to Use Active Directory for Users, Groups, Kerberos Authentication and even Group Policy
Made possible by
Thanks to
1
1/24/2017
Default
[Diagram: kerberos, ldap, passwd, shadow, domain controllers]
Theoretically just
Plugging in Kerberos and configuring it with AD domain controller
Configuring LDAP for NSS and pointing it at AD as well
SSSD
[Diagram: AD module, kerberos, ldap, AD]
CentOS SSSD
vi /etc/hosts
hostname linuxtm.lab.local
/etc/init.d/network restart
Are we really joined to the domain?
SID to UID/GID mapping
[Diagram: Domain SID hash, User’s RID, 100k ranges]
Nifty!
If you only have one domain
and a green field …
CentOS 7.5
*nix Built-in AD Awareness
• Green field
• Small environments
• 1 domain, etc
• Homogenous environments
• 1 distro of *nix
Integration of *nix and AD
Do you have
• Pre-existing environment?
• Multiple distros of Linux, Apple or Unix?
• Version changes within the same distro changes each version
• And flavors within: Core, GUI,
• Multiple domains?
• Legacy users and groups on *nix systems with different UIDs and GIDs?
Kerberos/SSO Issues
Nix to Nix
Accessing Java based site
Windows to Nix
SSH key replacement
Keytab files
Beyond just authentication
Samba and DFS
Group Policy
Nix based management of AD
Reporting and Compliance
Technical issues
Authorization
Off-Line Joins
Support / finger-pointing
Redhat
Debian
AIX
Apple
Solaris
© 2017 Monterey Technology Group Inc.
PowerBroker
Identity Services
Privilege Management:
PowerBroker for Windows & Mac
PowerBroker for Sudo
PowerBroker for Unix & Linux
Vulnerability Management:
Vulnerability Management
Patch Mgmt for Adobe, Java, etc
Analytic Reporting
Architecture Overview
• No Changes to AD schema (Uses RFC2307)
• Fully integrated with ADUC & GPMC
• Manage with supplied snap-ins or 3rd party tools
• Command Line Toolset (For AD Management)
• Easily configure alternate Unix Identities with cells
• Deploy and Join using web based console
Supported Platforms
• Wide range of supported platforms, providing a consistent installation, configuration and management experience across the enterprise.
Simple Deployment
• Discover
• Profile
• Install
• Domain Join
• Upgrade
Product Demonstration
Quick Poll
Q&A
Thank you for attending!