As far as I'm aware, there are 3 (common) ways to use Active Directory as the Authentication and Authorization for Linux hosts:
- LDAP
- Kerberos
- Samba/Winbind
Is there a (current) consensus on which method is the best practice?
I've never been entirely clear on the pros/cons of each method to start with, but every document/tutorial says a different way and not many of them are dated or explain why they are using a particular method.
Best Answer
The approach I use now is SSSD. It's quite painless and the configuration files are clean. SSSD can be enabled at install time or just run via the authconfig command UI. I recently converted ~200 Linux servers to SSSD from local auth and used the steps below. This assumes a Red Hat-like system (RHEL, CentOS, Fedora)...
1) Download SSSD.
yum install sssd
2) Modify the system's authconfig settings.
3) Update the /etc/sssd/sssd.conf configuration file contents with the following: