Tuesday, March 10, 2009

Active Directory (AD) Authentication on a Linux Server

Domain Authentication for Linux

I've updated the instructions here to support RHEL 6. I've streamlined things a bit, too, so I'd head over to this page to get the latest on setting up AD authentication for a Linux server.

There are a lot of how-tos surrounding the integration of authentication and authorization in Linux through Active Directory domains. I've found a variety of them helpful, and I've found more to be confusing, rather than helpful. Here I'm hoping to put together a start-to-finish process for using your domain to authenticate and authorize users on your Linux box. These instructions are written for Red Hat Enterprise Linux v5 (RHEL from now on). That means the file locations should be the same for CentOS distros (which I highly recommend as a server OS), but that they might move around a bit for others.

A very small bit of background: this system uses winbind and smb to connect to the domain to authenticate users. Kerberos is used to join the system to the domain. The benefit of this system is that it's secure and it's pretty easy to configure. Coupled with PAM (Pluggable Authentication Modules), it's quite flexible, and it's really pretty cool functionality.

Thursday, March 5, 2009

Singing the praises of DekiWiki

I've been a devotee of MediaWiki for some time now, and I still have a soft spot in my heart for it. Having said that, however, I've become a real fan of DekiWiki. It's a very full-featured wiki with a ton of extensibility. And the best part: it's released in a community-supported edition, so it's available to everyone without cost.

There is a lot that can be said for DekiWiki, and the truth is that I'm too lazy to run through it all. Suffice it to say that it has a ton of features, including extensions, a very flexible scripting language, and--for many the Holy Grail--a very robust ACL system, by which permissions can be set on the individual page level. Here's another bonus: they provide a feature by which MediaWiki installations can be converted to Deki. And I can attest to this: the conversion works well.

The commercially-licensed version, to which I suspect we'll move in the near future (I'll post our experience), has a suite of additional features, including a desktop-based toolset that allows for publishing from Outlook and Word, as well as drag-and-drop functionality for organizing the articles. Installation instructions for the GPL'd edition can be found at the MindTouch Deki site.

I'll leave it with this: the developers are very active on the MindTouch developer site, very quickly--and thoroughly--addressing problems you might run into. They're a most helpful bunch.