Joining Linux servers to AD

ZuG · 29 Jan 2011 at 21:52

Hello,
We are trying to centralise the authentication on our Linux servers because there we have so many that they are becoming unmanageable. However, I am unsure whether joining them to our standard AD domain would be wise. I am starting to believe that we should run a Linux only domain as we should keep the domain as small and restricted as possible. For example, we may want people to have access to AD who we do not want to have access to our main Linux web servers.

What is the general view in corporate networks for this? Do you run multiple domains, putting servers on different domains than staff? Is it wise to join Linux servers to AD for reliability and security?

Cheers.

img · 30 Jan 2011 at 10:53

I use unixservices on our domain and it works ok but its not brilliant. I like to have it simpler so as they are same network same users it seemed good to integrate but depends on your enviroment.
Have you looked at quest tools as they do sonething for this?

droyden · 31 Jan 2011 at 20:04

Could configure PAM to authenticate from AD? You might need to extend the schema for full functionality

memyselfandi · 1 Feb 2011 at 05:44

One of my colleagues looked at this a bit in the past for some project we were doing for a customer.

There is quite a bit of information available online on how to do this (via Google) but be careful that you look at instruction for the correct version of AD that you are using as the requirements and work involved does vary.

ZuG · 1 Feb 2011 at 11:41

Thanks for you help on this.

From a security view, would it be wise or would it be better to have a segregated domain?