Active Directory

Creating a Domain Trust with Red Hat IdM/FreeIPA and Active Directory

This is something I wrote quite some time ago, and somehow it was never published. Apologies for the late release.

What is a Domain Trust and why would I want one?

A Domain Trust, in the traditional sense, is a feature that allows one “Domain” (typically a Windows Active Directory Domain) to be set up to trust another “Domain”.

In the Active Directory world, trusts are generally used by large organisations that wish to join one organisation's infrastructure to another.
For example, Company A has just purchased Company B, and as an interim step of consolidation, they would join them together in order to allow Company A staff to access resources of Company B and vice versa.

With the release of FreeIPA 3.0, setting up a trust with Active Directory is now a supported feature.


Host based access control with Red Hat Enterprise Linux 6

I was working on some more Yubikey token implementations last night and I was asked “How can I only let people in a specific user group log in to my server?”

This is the perfect example of what “host based access control” is designed to address.

Every operating system will use host based access control at some point.

If you take Microsoft Windows for example, you will be unable to log in to a server unless your user is a member of a specific security group.
With Microsoft Windows, the host based access control, or HBAC as it is commonly referred to, is managed by Active Directory.

With Red Hat Enterprise Linux, HBAC can be managed in a similar way if you are using the FreeIPA identity management solution.

Of course, not everyone has a straightforward homogeneous infrastructure.
For example, many of you may have your Linux infrastructure directly connected to Microsoft Active Directory as your identity management solution.

Adding Yubikey 2 factor authentication to your Red Hat Enterprise Linux estate

A few weeks ago I covered how to integrate the YubiRadius Virtual Appliance into FreeIPA which you can find here, or Microsoft Active Directory which you can find here.

This article is a really quick walkthrough on how to take your authentication one step further, and add 2 factor authentication into the same process for your Red Hat Enterprise Linux server estate.


Creating a Moodle LMS with Active Directory Users

For those who aren’t aware, Moodle is an open source Learning Management System (LMS) which gives you the ability to teach courses online. I’ve used it for years and I think it’s brilliant. You can use it to teach in junior and high schools, but also you can use it in a corporate environment as […]

YubiRadius integration with group-validated Active Directory Users using LDAP

This article will show you how to set up the YubiRadius Virtual Appliance (v. 3.5.1) for User validation against a Microsoft Active Directory 2008R2 infrastructure.

You can obtain the YubiRadius Virtual Appliance from the good people over at Yubico, or just click here

This guide is not meant to show you how to configure a virtual appliance in your choice of Virtualization technology, although as I am using KVM, a special thanks to Gavin Spurgeon for getting this VA converted and working smoothly (even with virtio for the icing on the cake).
