[CentOS] Authenticating against AD (without adding to domain)

Tue Mar 25 18:53:10 UTC 2014
m.roth at 5-cent.us <m.roth at 5-cent.us>

Todor Petkov wrote:
> On 25/03/2014 02:31 PM, Nux! wrote:
>> On 25.03.2014 12:20, Nux! wrote:
>>> On 25.03.2014 12:01, mark wrote:
>>>> On 03/25/14 06:08, Nux! wrote:
>>>>> Does anyone know if it's possible to auth users against AD and
>>>>> how? I don't want to register the station to the domain, just auth the
>>>>> users against it.
>>>>> We have a local mediawiki installation that auths users against
>>>>> the AD without having any admin access to it.
>>>>> Any ideas?
>>>> Yes, you can. Yes, we do. We added krb5 in the mix last year, too.
>> Actually it looks rather easy, e.g.
>> http://seriousbirder.com/blogs/centos-6-with-kerberos-authentication/
>> Thanks again, Mark.

Would have said more, but I'm busy fighting fires today.
> you can try this:
> http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-authentication-in-centos-6.html
> You need to edit the ldap fields for AD though.
Yeah, we had that issue here, and I gather, from my manager, that it took
*years*, literally, to get the WinBlows aedmins in charge of the AD to
agree to add the necessary fields.