Unified Diff

I maintain several client and server machines that, up until recently, all authenticated users locally. I wanted a more centralized mechanism that could handle the various users and systems on the network. The big catch is that a few key system run Linux while others run Windows. So after doing some research, I turned to Active Directory.

My first chore was to install Windows Server 2003 and configure it to be a domain controller. This part was fairly easy, although a little time-consuming. Once that was working I was able to quickly join the Windows machines to the domain. Now to deal with Linux… for that I chose Windows Services for Unix. This software alters the AD schema to allow for Unix account attributes. On the Linux machines, I installed OpenLDAP, a Kerberos client, configured PAM… and voila! Now AD users can authenticate on the Linux machines.

My home-made DHCP/DNS configuration tool, however, was a little trickier. The data for this tool is stored in a MySQL database and accessed via a PHP script. If I wanted to grant someone access to the tool, I needed to first give them a MySQL account. Since Active Directory is basically an LDAP server, I rewrote the authentication mechanism to query AD.

With very little work, I was able to simplify authentication and account management. While this is not new technology, I still feel all warm and fuzzy with a sense of accomplishment.