Linux authentication against Active Directory

If you've been reading the blog for a while, you might remember me saying that I have been (and perpetually am) fighting with centralized authentication. Well, I'm here to update you.

I have found the answer, at least for authentication against Active Directory. Salvation, thy name is Likewise Software

Likewise produces two pieces of software. The first is Likewise Open, a free piece of software that authenticates your Linux/Mac/AIX/etc machine against active directory. It does this by making several changes to the default configuration of things like PAM and Samba. The end result is that you can log into your linux machine with Windows' Active Directory credentials. It's very neat, it's free, it's incredibly easy to install AND uninstall. Best of all, it really really integrates with Active Directory in, as far as I can tell given what little I know of AD, the Right Way(tm). I submit for your approval:


(click to embiggen)

You can see there, all of the machines that I've installed this on show up in Active Directory. When I log into the machine, I can log in with domain credentials and it knows about my default group (as specified in AD Users and Computers):

bandman@newcastle[504]:~$ ssh int\\msimmons@a-fs1
Password: 
Last login: Thu Aug  7 10:18:02 2008 from 10.1.1.24
[INT\msimmons@a-fs1 ~]$ ls -al
total 36
drwxr-xr-x 3 INT\msimmons INT\enterprise^admins 4096 Aug  7 10:18 .
drwxr-xr-x 3 root         root                  4096 Aug  5 21:17 ..
-rw------- 1 INT\msimmons INT\enterprise^admins  124 Aug  7 10:18 .bash_history
-rw-r--r-- 1 INT\msimmons INT\enterprise^admins   33 Aug  5 21:17 .bash_logout
-rw-r--r-- 1 INT\msimmons INT\enterprise^admins  176 Aug  5 21:17 .bash_profile
-rw-r--r-- 1 INT\msimmons INT\enterprise^admins  124 Aug  5 21:17 .bashrc
-rw-r--r-- 1 INT\msimmons INT\enterprise^admins   32 Aug  5 21:17 .k5login
drwxr-xr-x 4 INT\msimmons INT\enterprise^admins 4096 Aug  5 21:17 .mozilla
-rw------- 1 INT\msimmons INT\enterprise^admins   58 Aug  7 10:18 .Xauthority

Let me tell you, I'm impressed.

Now, this is just Likewise Open, the free version. It only modifies the configuration on the Unix based machines. Also available is Likewise Enterprise, which provides the same service, but goes above and beyond Likewise Open, in that it actually makes changes to the AD structure. As far as I know, all of those changes are benign, in that they break nothing related to any other Windows service. I haven't worked my way through the nearly 500 pages of documentation that I had printed and bound at Kinkos the other day.

I'm sure this post sounded like a commercial, but it's not. I haven't been paid (or even contacted, other than the initial autogen email) by Likewise software, I'm just a grateful user who is happy to share knowledge of a tool that works. Finally.