Linux Active Directory login for specific groups

I have done Linux Active Directory integrations many times in the past and thought I should blog / document some of it.

I want single sign on for my environment, and I have a mixture of Windows and Linux systems. First of all, I like Active Directory and it's the natural solution for Windows systems, so I want to hook my Linux systems into that.

This, as it turns out, is easy and there are many different methods, but the one I have chosen (only because I have got it working reliably) is BeyondTrust PowerBroker Identity Services (PBIS).

I am not going to copy and paste documentation that describes how to install PBIS (note it used to be called Likewise Open), as that is written very well elsewhere. I have included links to some good examples below. This post is to document something that took me a long time to find: once I have Linux Active Directory login working, how do I lock it down to specific groups?

First some background:
PBIS uses a registry for configuration. This mimics the Windows registry, including its own registry editor, although that editor is command line only.

On Ubuntu 12.04 the /opt/pbis/bin folder contains all the PBIS executables, including regshell, config, lwsm, enum-users, domainjoin-cli and lots of other goodies.

To find the list of groups that can log in (by default the list is empty, which means all domain users can log in):

:/opt/pbis/bin# ./config --show RequireMembershipOf

To restrict Linux Active Directory login to specific groups, give the groups as DOMAIN\group (the doubled backslash below is only there so the shell passes a single backslash through). Each call replaces the whole list rather than adding to it, so include every group that should keep access, including the one your own account is in, and test from a second session before logging out. Local accounts are unaffected by this setting.

:/opt/pbis/bin# ./config RequireMembershipOf "domain\\group1" "domain\\group2"

then remember to reload the configuration and flush the lsass cache. ad-cache clears the cached AD user and group objects (including group memberships), not Kerberos tickets, and it does not end sessions that are already logged in; without the flush a stale cached membership can still satisfy the check until it expires.

:/opt/pbis/bin# ./lwsm refresh
:/opt/pbis/bin# ./ad-cache --delete-all
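As an added example (this is not code from the original post or from PBIS itself), the steps above wrapped in one POSIX sh script that refuses the two mistakes that silently weaken the restriction: an empty group list (which PBIS treats as "any domain user may log in") and a group given without its DOMAIN\ prefix. The PBIS_BIN and DRY_RUN variables, the pre-check that each group resolves via find-group-by-name, and the sample group names CORP\linux-admins and CORP\linux-ops are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post or from PBIS. Wraps the
# RequireMembershipOf lock-down in a script that validates its input.
# Assumption: PBIS is installed under /opt/pbis (override with PBIS_BIN).
# Set DRY_RUN=1 to print the PBIS commands instead of running them.

PBIS_BIN="${PBIS_BIN:-/opt/pbis/bin}"

# Run a command, or print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

# validate_groups 'DOMAIN\group' ...
# Returns 0 when every argument has a non-empty domain and group part.
# Quote the names with single quotes so the shell keeps the backslash.
# An empty list is rejected on purpose: an empty RequireMembershipOf
# value means every domain user may log in, the state we are leaving.
validate_groups() {
    if [ "$#" -eq 0 ]; then
        echo "refusing to set an empty list: that would allow every domain user" >&2
        return 1
    fi
    for g in "$@"; do
        case "$g" in
            *\\*) ;;
            *) printf 'bad group %s: expected DOMAIN\\group\n' "$g" >&2; return 1 ;;
        esac
        dom=${g%%\\*}     # text before the first backslash
        name=${g#*\\}     # text after the first backslash
        if [ -z "$dom" ] || [ -z "$name" ]; then
            printf 'bad group %s: domain or group part is empty\n' "$g" >&2
            return 1
        fi
    done
    return 0
}

# apply_groups 'DOMAIN\group' ...
# Validates the list, checks each group resolves in AD (skipped in dry
# run), sets the registry value, reloads lsass, flushes the AD object
# cache and prints the value now in force.
apply_groups() {
    validate_groups "$@" || return 1
    if [ -z "${DRY_RUN:-}" ]; then
        for g in "$@"; do
            "$PBIS_BIN/find-group-by-name" "$g" >/dev/null 2>&1 || {
                printf 'group %s does not resolve in AD; not applying\n' "$g" >&2
                return 1
            }
        done
    fi
    run "$PBIS_BIN/config" RequireMembershipOf "$@" || return 1
    run "$PBIS_BIN/lwsm" refresh || return 1
    run "$PBIS_BIN/ad-cache" --delete-all || return 1
    run "$PBIS_BIN/config" --show RequireMembershipOf
}

# Usage (as root on the joined host):
#   apply_groups 'CORP\linux-admins' 'CORP\linux-ops'
```

The resolve check matters because a mistyped group name does not fail loudly: PBIS will happily store it, nobody will match it, and every domain login will be refused until the value is corrected.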

Multi tier architecture in action

What is meant by a Multi tier architecture

The generally accepted definition of a multi tier architecture describes the separation of Presentation, Logic and Data roles. This can be viewed in more detail in the Wikipedia article Multitier architecture; however, that article doesn't describe the implementation of a multi tier architecture.

I have worked with many different organisations of varying sizes with differing needs, and here are 4 of the most common high level implementations I come across.

Windows Page File

What is the Page File ?

If you think of RAM as your short term memory, then the page file is like your diary or your blog. When you want to remember something in the future but forget about it for now, you write it down. In return you can store much larger quantities of information! However, just as a blog or a diary becomes unwieldy and slow to access once it is full of the information you didn't remember, the page file is much slower than RAM. To put it in perspective, a lookup to RAM takes nanoseconds, whereas a lookup to the page file (which is on your hard disk) takes milliseconds, on the order of a million times slower.