Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Unix/Linux accounts integrated within AD?

from [Roger A. Grimes] Network Security [Permanent Link]
Subject: RE: Unix/Linux accounts integrated within AD?
Date: Wed, 29 Aug 2007 17:53:26 -0400 
The short answer is yes

There are several ways to do this and several whitepapers and a few
books on it (I've read two books on it, one by Mark Minasi called Linux
for Windows Administrators, and another excellent one by Jeremy
Moskowitz
(http://www.amazon.com/Windows-Linux-Integration-Hands-Solutions-Environ
ment/dp/0782144284) on integrating Windows and Linux environments, and
both are very good.  The latter one has more detail on integration than
the former,and there are many, many other books on the subject.

On method is to enable LDAP on the non-Windows side and then use LDAP
tools (on the Windows or Linux side) to manage the users and passwords.
You can also install Services for Unix (or whatever it is called
depending on the version) and manage the whole thing from Windows.

There are many other methods. All of them take a little work, and none
of the solutions are perfect. For the most part you don't get things
like Group Policy on the Linux side (unless you buy Novell's SUSE), but
you can manage user accounts, passwords, and the like across
environments. Plenty of caveats, but its easier than managing two
different systems.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
*email: roger_grimes@infoworld.com or roger@banneretcs.com
*Author of Windows Vista Security: Securing Vista Against Malicious
Attacks (Wiley)
*http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470
101555
*****************************************************************


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Dummy cerberus
Sent: Wednesday, August 29, 2007 2:44 AM
To: security-basics@securityfocus.com
Subject: Unix/Linux accounts integrated within AD?

Hello,

First of all, thank you very much for your help wit my question about
GPOs and so on... your answers helped me a lot...

Now I have the following question: I have found that my organization has
several kind of OS installed on computers... most of them are
W2K/W2K3 integrated within a W2K domain...

Since admins have to remember lots of accounts/passwords for the W2K*
servers, and the others with Linux, HP-UX, Solaris, etc... I have found
that most of the passwords are too simple, and repeated all over the
non-W2K* systems...

I have tried with a password manager, but some times we lost a valuable
time searching for the strong password for one system at the password
manager software...

Is there anyway to integrate the OS accounts of UNIX-like sysetms with
an AD?

Best regards
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Access to AD systems, neil.daugherty
Next by Date:  Re: Unix/Linux accounts integrated within AD?, Serguei A. Mokhov
Previous by Thread:  Unix/Linux accounts integrated within AD?, Dummy cerberus
Next by Thread:  Re: Unix/Linux accounts integrated within AD?, Serguei A. Mokhov
Indexes:  [Date] [Thread] [Top] [All Lists]