Authorization for Linux, Unix, and Mac

Learn more about Likewise Enterprise
Request a Live Demonstration

Related Resources

Boardcast: Group Policy for UNIX and Linux

Learn how Likewise Enterprise allows you to extend Active Directory Group Policy to Linux and UNIX systems for one-to-many management.

Watch this Boardcast

Whitepaper: Likewise Enterprise Security Benefits

Find out how Likewise Enterprise improves the security of Linux and UNIX computers by allowing computers to authenticate and authorize users through Microsoft Active Directory™.

Likewise Enterprise provides several mechanisms to control access to Linux, Unix, and Mac OS X computers, beginning with the strong cryptographic mechanism — Kerberos 5 — that Likewise uses to communicate with Microsoft Active Directory to verify that a username and password correspond to a valid user. This fundamental form of access control lets administrators stop using local accounts on Unix, Linux, and Mac OS X workstations and servers. Instead, Likewise empowers them to manage all their user accounts centrally

in Active Directory. A user is allowed to log on only with a valid Active Directory user account that has been explicitly set for Unix, Linux, and Mac access.

Active directory based access control

The advantages of Likewise don't stop there. Likewise works with Active Directory to provide several additional benefits:

  • Greater control over access to Linux, Unix, and Mac workstations and servers.
  • Access control options that help improve regulatory compliance.
  • Access reports that help demonstrate regulatory compliance.
  • Tighter overall network security.
  • Role-based access control for sensitive resources.
  • Group-based access control mechanisms that ease account management.

Likewise provides the following mechanisms for controlling access:

Access Control Mechanism

Description
Likewise Cell Technology Only users with membership in a cell can log on the Unix, Linux and Mac OS X machines in the cell. Judicious use of cells can provide a convenient way of controlling access to different classes of Unix, Linux and Mac OS X computers.
Allow Logon Rights Group Policy (require_membership_of) This Likewise group policy can specify that a user be a member of a particular group to log on a computer within the scope of the group policy object. You can designate one or more groups. A user is allowed to log on only if he or she is a member of at least one of the designated groups.
Logon List Likewise lets you use ADUC to specify the Linux, Unix, and Mac computers that a user can log on.
Logon Hours With Likewise, you can use Microsoft Active Directory Users and Computers (ADUC) to set the days of the week and times of day that a user is allowed to log on any Linux, Unix, and Mac computer.
Disable Account With Likewise and ADUC, you can disallow logons by a user.
Authorization, Identification, and Logon Group Policies Likewise includes a number of group policies for authorization and identification that, taken together, give you a fine-grained, flexible model for controlling access to sensitive resources. Examples of such policies include allow cached logons, denied logon rights message, allow access to Samba server null-password accounts, allow offline logon support.