SSSD for Linux Authentication with Active Directory

Slides:



Advertisements
Similar presentations
UAG Authentication and Authorization- part1
Advertisements

© 2009 GroundWork Open Source, Inc. PROPRIETARY INFORMATION: Information contained herein is not for use or disclosure outside of GroundWork Open Source,
Remote Name Mapping for Linux NFSv4 Andy Adamson Center For Information Technology Integration University of Michigan August 2005.
How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
Windows Monitoring Yancy Ribbens
Introduction to Active Directory
Remote Name Mapping Linux NFSv4 Andy Adamson Center For Information Technology Integration University of Michigan.
CIT 470: Advanced Network and System Administration
Vikram Thakur Introduction to Active Directory Structure.
Guide to MCSE , Enhanced 1 Activity 4-1: Creating and Adding Members to Global Groups Objective: Use Active Directory Users and Computers to create.
Module 1: Installing Active Directory Domain Services
(ITI310) SESSIONS : Active Directory By Eng. BASSEM ALSAID.
Session 6 Windows Platform Dina Alkhoudari. Learning Objectives What is Active Directory Logical components of active directory Physical components of.
Configuring CIFS Upon completion of this module, you should be able to: Configure the Data Mover for a Windows environment Create and Join a CIFS Server.
Understand Active Directory Infrastructure
Building a KDC. Kerberos Implementations RedHat 5 comes with MIT Kerberos 1.6 Ubuntu LTS comes with MIT Kerberos Admin through CLI, but from.
Designing Active Directory for Security
Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain in.
Active Directory Boundaries - Purpose Replication Boundaries Security Boundaries.
Hands-On Microsoft Windows Server 2008 Chapter 5 Configuring, Managing, and Troubleshooting Resource Access.
NMI-EDIT CAMP Synopsis, ISCSI Storage Solution, Linux Blade Cluster, And Current State Of NetID By Jonathan Higgins Presentation Template available from.
Maintaining Active Directory Domain Services
Module 8: Implementing the Placement of Domain Controllers.
Company Confidential 1 A Course on Global Catalog And Flexible Single Master Operations (Fsmo) Roles Prepared for: *Stars* New Horizons Certified Professional.
Platform & Engineering Services CERN IT Department CH-1211 Geneva 23 Switzerland t PES AI’s user access, OpenStack security groups and firewall.
Introduction to Active Directory Domain Services
Module 1: Implementing Active Directory ® Domain Services.
ITS – Identity Services ONEForest Security Jake DeSantis Keith Brautigam
Session 8 Windows Platform Dina Alkhoudari. Learning Objectives Read Only Domain Controller Active Directory Certificate Service Group Policy.
CERN IT Department CH-1211 Genève 23 Switzerland t IT Configuration Activities Gavin McCance Online Cross-experiment Meeting, 14 June 2012.
OVERVIEW OF ACTIVE DIRECTORY
Introduction to Active Directory
Michael Tinker September 16, 2004
© Compiled by David Brewster Networking Diploma – Orange Group S Class Presentation: Operations Master Roles.
Hussain Ali Department of Computer Engineering KFUPM, Dhahran, Saudi Arabia Active Directory.
Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.
11 GLOBAL CATALOG AND FLEXIBLE SINGLE MASTER OPERATIONS (FSMO) ROLES Chapter 4.
CEG 2400 Fall 2012 Directory Services Active Directory Tree Domain.
7.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 7: Planning.
Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK
Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
SSSD and FreeIPA Advanced user management in Linux Red Hat Czech s.r.o. Jan Zelený 12 th February 2011.
Understand User Authentication LESSON 2.1A Security Fundamentals.
CIS Host Manager Bryce Johnston CIS 597 May 8, 2009.
BUILDING A NEW ACTIVE DIRECTORY Smita Carneiro, GCWN Active Directory Systems engineer Purdue University.
Group policy.
Managing User and Service Accounts
Overview of Active Directory Domain Services
CollegeSource Security Application &
Shared Services with Spotfire
Unix System Administration
CIT 470: Advanced Network and System Administration
O365 & AZURE ADDS Mladen Baranek, Miadria
Implementing Active Directory Domain Services
Overview of Active Directory Domain Services
Active Directory Fundamentals
(ITI310) SESSIONS 6-7-8: Active Directory.
Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain.
Computer courses in Chandigarh. Very Brief History of Computers.
Ask the Microsoft Infrastructure Team October 2017
Authentication Servers سرورهای تشخیص هویت
CIT 470: Advanced Network and System Administration
Topics discussed in this section:
Active Directory Overview
FSMO Roles and Global Catalog Servers
Active Directory Computers
ACTIVE DIRECTORY An Overview.. By Karan Oberoi.
Trick Words Level 1 Press space bar to begin and then again after student has read each word.
Developing with uConnect
Presentation transcript:

SSSD for Linux Authentication with Active Directory Frank Penrose, Casey Coughlen – Engineering IT Erik Coleman, Devin Gengelbach – Technology Services

Linux Authentication with AD Brief History Recent developments and plans Best practices Sample configs Open discussion on what is needed next

Brief History of Linux Auth w/AD

Brief History of Linux Auth w/AD

Homage to Our Linux Friends… David Anderson 1974-2012 Andrew Hurt 1976-2017

Active Directory – Linux Support What we’ve done so far POSIX (RFC 2307) Attribute Schema uidNumber generation for netids gidGroups for users

Active Directory – Linux Support What we’ve got left to do  Pre-populate homeDirectory: /home/netid  Pre-populate loginShell: /bin/bash

Best Practices Populate your created user and group objects with uidNumber and gidNumber less than 100000 Restrict your search bases for users and groups to only the campus OUs and OUs that are COMPLETELY within your control Put the group name for your own created groups into extensionAttribute12 If you use Kerberos for authentication, you should join your Linux computers to the Active Directory domain (Ask me why Engineering does NOT) Set a minimum allowed uidNumber and gidNumber above 500 Use allowed groups and restricted groups in conjunction with access.conf and TEST TEST TEST Monitor SSSD configurations over a few days before making production to ensure that caching is not running amok in the background

Sample Configurations Illinois Wiki Space – Book of Engineering Linux-> SSSD https://wiki.illinois.edu/wiki/display/boeli/SSSD Config review and Demo Time

Active Directory – Linux Support Other Issues NIS Groups UID numbers under 100000 Uniqueness of uidNumber / gidNumber Bear in mind IAMU role in this—providing authN/authZ infrastructure. We aren't going to be forcing ways to do things. That said, we have to caution the use of OUs as security boundaries

Give us your Feedback! What are we missing? What do you want to see? What about NIS Groups Global uidNumber  plan (< 100,000)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.