This is why I like Ubuntu so much. Here are my steps on how to allow Ubuntu to authenticate against a Windows Active Directory:

  1. sudo apt-get install libpam-ldap libnss-ldap libpam-cracklib
  2. before answering questions, set up a proxy account in your AD to only have rights for checking authentication (basic read-only access to the AD)
  3. answer all questions prompted on your Ubuntu
  4. when you are prompted for a bind account, use the account you created in step #2
  5. create a local account that will be using the AD for authentication making sure the user name is the same
  6. remove the password in the /etc/shadow file and replace it with a "*"
  7. in the account you want to authenticate, make sure the unix attributes have the user and group numbers set to the same account on your Ubuntu server
  8. on the Ubuntu /etc/passwd file, make sure the UID and GID are the same as the AD Unix Attributes

Now try ssh’ing to your Ubuntu and you should be set to go!
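
A check for steps 5 through 8, added here as an example and not part of the original post: it confirms that the local account exists, that its /etc/shadow password field is exactly "*", and that its UID and GID match the AD Unix attributes. The function name `check_ad_user` and the saved LDIF file holding the account's `uidNumber` and `gidNumber` are assumptions.

```shell
#!/bin/sh
# Added example: verify steps 5-8 for one account.
# Usage: check_ad_user USER PASSWD_FILE SHADOW_FILE LDIF_FILE
# LDIF_FILE is saved LDAP query output for USER containing the AD Unix
# attributes uidNumber and gidNumber (file name and layout are assumptions).
check_ad_user() {
    user=$1; passwd_file=$2; shadow_file=$3; ldif_file=$4
    rc=0

    # Step 5: a local account with the same user name must exist.
    local_ids=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $4; exit }' "$passwd_file")
    if [ -z "$local_ids" ]; then
        echo "FAIL: no local account named $user"
        return 1
    fi

    # Step 6: the shadow password field must be exactly "*", so no local
    # password hash (or empty password) can be used to log in.
    shadow_pw=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$shadow_file")
    if [ "$shadow_pw" != "*" ]; then
        echo "FAIL: shadow password field for $user is not \"*\""
        rc=1
    fi

    # Steps 7-8: UID and GID in passwd must equal the AD Unix attributes.
    ad_uid=$(awk -F': ' '$1 == "uidNumber" { print $2; exit }' "$ldif_file")
    ad_gid=$(awk -F': ' '$1 == "gidNumber" { print $2; exit }' "$ldif_file")
    if [ -z "$ad_uid" ] || [ -z "$ad_gid" ]; then
        echo "FAIL: uidNumber/gidNumber missing from $ldif_file"
        return 1
    fi
    if [ "$local_ids" != "$ad_uid:$ad_gid" ]; then
        echo "FAIL: local UID:GID $local_ids differs from AD $ad_uid:$ad_gid"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $user matches AD ($ad_uid:$ad_gid)"
    return "$rc"
}

# Run against real files only when four arguments are given.
if [ "$#" -eq 4 ]; then
    check_ad_user "$@"
fi
```

Reading /etc/shadow requires root, so run the check with sudo when pointing it at the live files.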
