views:

67

answers:

1

We have a bunch of RHEL5/CENTOS5 boxes. And now, despite our best efforts, we are having XP desktops and AD (WS2003) shoved down our throats.

Currently the Linux boxes are all standalone, and use the usual /etc/passwd authentications, /etc/group groups, /etc/sudoers sudoers, and so forth.

So this could actually be a constructive thing as it will force us to make time to unify our various schemas.

So...

I'm looking for two answers here:

  1. What's the best way to integrate Linux boxes into an AD system?

  2. What's the most common way that Linux boxes are integrated into an AD system?

I see at least two different approaches.

  1. Set up an LDAP-based system for the Linux boxes, and then have the LDAP servers sync with the AD system.

  2. Set up each Linux box to directly access the AD servers.

I'm assuming, of course, that both approaches are practical, straightforward and doable.

Are there more?

Also, if folks know of some good, current references, I'd appreciate links and references.

Thanks!

A: 

The question does belong at ServerFault, but the simple answer is that OpenLDAP plays with A/D very nicely, and you can integrate them within PAM to get seamless authentication/authorization.

Google for PAM LDAP Active Directory for pointers.

Jim Garrison
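
As an added illustration of the PAM/LDAP route this answer points to (not part of the original answer): a minimal `/etc/ldap.conf`, the file shared by `nss_ldap` and `pam_ldap` on RHEL 5, pointing a box directly at AD. The host `dc1.example.com`, the `dc=example,dc=com` base, the `svc-linux-bind` account and the CA file path are placeholders, and the example assumes the AD schema carries the RFC 2307 Unix attributes and that the domain controller presents a TLS certificate.

```conf
# /etc/ldap.conf (added example; every name below is a placeholder)
uri ldap://dc1.example.com/
base dc=example,dc=com
ldap_version 3
scope sub

# AD rejects anonymous searches by default, so nss_ldap needs a bind account.
# This file is normally world-readable (NSS lookups run as the calling user),
# so bind with a dedicated read-only account, never an administrative one.
binddn cn=svc-linux-bind,ou=Service Accounts,dc=example,dc=com
bindpw REPLACE_ME

# Transport security: pam_ldap checks a login by doing a simple bind with the
# user's password, so without TLS that password crosses the network in clear.
# Weak settings to avoid:
#   ssl no
#   tls_checkpeer no
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/pki/tls/certs/example-ad-ca.pem

# Fail fast instead of hanging logins when the directory is unreachable.
bind_policy soft
bind_timelimit 10
timelimit 15

# Map the RFC 2307 names nss_ldap expects onto AD object classes/attributes.
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member

# PAM side: log in by sAMAccountName, restrict matches to user objects,
# and use the AD password-change method.
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
```

With this in place, `/etc/nsswitch.conf` lists `ldap` after `files` for `passwd` and `group`, and `pam_ldap.so` is added to `/etc/pam.d/system-auth`. Keeping `files` first means local accounts such as root still resolve when the domain controller is unreachable.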