Is it possible/practical to use a Linux server to authenticate Windows devices?

Solution 1

Yes, it's perfectly possible! You can set up a Linux Server as an LDAP server, which allows for users to use the same username and password to authenticate on all boxes (including Linux ones).

Some useful links:

Solution 2

I just wanted to add this as further support. It is possible (and fundamentally AWESOME) to use Samba as a replacement for a Windows server domain controller. Glancing at those links, it looked (and I could have missed something) that it was focusing on LDAP for authenticating Linux users, rather than Windows users.

Some information can be found (http://xmodulo.com/samba-primary-domain-controller.html)

But basically you will want to install Samba Active Directory, and modify the config file:

sudo cp /etc/samba/smb.conf

[global]

workgroup = sambadomain
netbios name = sambapdc
server string = Samba PDC
domain master = yes
preferred master = yes
domain logons = yes

add machine script = /usr/sbin/useradd -N -g machines -c Machine -d /var/lib/samba -s /bin/false %u

security = user
encrypt passwords = yes

wins support = yes
name resolve order = wins lmhosts hosts bcast

logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U

At the end of it you can then manage users with the command line.


#to create user
sudo smbpasswd -a dan
#to activate user
sudo smbpasswd -e dan
#to give user login rights
sudo net rpc rights grant "SAMBADOMAIN\dan" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege
#to add to domain groups.
sudo net groupmap add ntgroup="Administrator" unixgroup=root rid=512 type=d

Using this method your Windows machines would join the domain as if it were a Windows domain server providing authentication.

There are some more steps involved, but there is a wealth of information out there regarding using Samba for AD :)
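As an added example (not part of the answer above and not Samba's own code), this Python check parses a `[global]` section and reports where it departs from the domain settings the answer lists, including a wrapped `add machine script` line with no trailing backslash. The names `REQUIRED`, `parse_global`, `audit` and the `SAMPLE` config are constructed for illustration, and the run-together check is a heuristic.

```python
import re

# Values the answer's [global] section sets to make Samba act as a domain controller.
REQUIRED = {"domainlogons": "yes", "domainmaster": "yes",
            "security": "user", "encryptpasswords": "yes"}
BOOL = {"yes": "yes", "true": "yes", "1": "yes", "no": "no", "false": "no", "0": "no"}

# Constructed sample: a wrapped script line without "\" and two run-together settings.
SAMPLE = """[global]
workgroup = sambadomain netbios name = sambapdc
Domain Logons = Yes
security = user
add machine script = /usr/sbin/useradd -N -g
machines -c Machine -d /var/lib/samba -s /bin/false %u
encrypt passwords = no
"""

def parse_global(text):
    """Return ({param: value}, [lines without '=']) for the [global] section."""
    params, bad, section, pending = {}, [], None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1].rstrip() + " "
        elif not line or line[0] in "#;":  # blank line or comment
            continue
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global":
            name, sep, value = line.partition("=")
            if sep:  # case and whitespace in parameter names are ignored
                params[re.sub(r"\s+", "", name).lower()] = value.strip()
            else:
                bad.append(line)
    return params, bad

def audit(text):
    """List what keeps this config from matching the answer's domain settings."""
    params, bad = parse_global(text)
    findings = [f"malformed line: {line}" for line in bad]
    for key, want in REQUIRED.items():
        got = params.get(key)
        if got is None:
            findings.append(f"missing: {key}")
        elif BOOL.get(got.lower(), got.lower()) != want:
            findings.append(f"{key} = {got} (expected {want})")
    # Heuristic: a value containing " = " usually means two settings ran together.
    findings += [f"possible run-together settings: {k}" for k, v in params.items() if " = " in v]
    return findings
```

Samba's own `testparm` remains the authoritative syntax check for smb.conf; this only covers the four settings named in `REQUIRED`.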

Author by

Toby Hanson

Updated on September 18, 2022

Comments

  • Toby Hanson
    Toby Hanson almost 2 years

    I am from a small primary school and we are currently looking into getting a server purely for authentication. I do not want to push software to the devices or anything like that. I simply want to force the devices to input a username/password before they can use it (to keep track of who is using what for security purposes. We are getting more and more Windows tablets in and it is hard for the teachers to keep track of who is using what).

    I do not want to spend money so I thought using open source server software would be a better idea. I understand I will need a relatively good piece of hardware to then run this but that shouldn't be a problem to sort out.

    I looked around at Apache, ClearOS and Ubuntu Server and they all look great but I can't seem to find any information regarding compatibility of Linux servers with Windows.

    So: Is it possible/practical to use a Linux server to authenticate Windows devices? and if so, any recommendations?

    • Steve365
      Steve365 over 9 years
      While I realise this isn't an answer to your question, I would ask that you seriously consider why you don't just set up a proper Active Directory domain on a Windows server. It sounds like you're using a Windows ecosystem already, so it would be the best fit.
    • cornelinux
      cornelinux over 9 years
      You say you want to authenticate Windows devices. But I cannot read this from your question. You seem to want to authenticate somewhere (Where? Against what service?) on a Windows tablet. So the Windows tablet just seems to be a device to log in to some... ...WebPortal? Or do you want the user to authenticate before he can use the Windows device?
  • Toby Hanson
    Toby Hanson over 9 years
    Excellent, just been reading through those links you sent me. Only thing I couldn't grasp was what I would need to do to the Windows devices to tell them to connect to the server.
  • shearn89
    shearn89 over 9 years
    I have to admit I've not done it myself: does this link help? You'll need to set up Samba and have it talk to LDAP for authentication.
  • Toby Hanson
    Toby Hanson over 9 years
    Okay, I more or less get the process now. I'm sure I'll run into a multitude of problems seeming I'm new to this. Thanks for all your help.
  • Rob Moir
    Rob Moir over 9 years
    This is the route to go down rather than a "generic LDAP server" route unless you've got particular requirements that mean you're married to a specific LDAP server already.
  • cornelinux
    cornelinux over 9 years
    Using LDAP is not sufficient. You need to use Samba.