This is an old revision of the document!


Active Directory Migration

We are making changes to our authentication scheme in an effort to further simplify our computing environment. This will make things easier for users on our systems, and easier to maintain both now and in the future.

Up until now our Linux and Windows domains have been separate. Despite the fact that your accounts share file storage, these identities don't share any real information. This means that if you change your password in Windows, your Linux password has not changed. Similarly, if you are added to a Unix/Linux group, there is no corresponding Windows group. This makes file permissions difficult to manage.

We have been working on converting our Linux systems to authenticate against our Active Directory servers. Active Directory (AD) is a widely used Microsoft product for identity management. Thanks to software from open source projects like Samba and FreeIPA, as well as Red Hat, Linux now has reliable, enterprise-ready support for Active Directory.

Do you know your “Windows” password?

Our hope is that this move will have little effect on our users, however there is one thing that you need to make sure: After these changes go live, the password that you use to log into Linux systems will no longer work. When you first received your CS account, your “packet” came with your username and password. At first this password worked on both Windows and Linux domains, however most people have since changed their password(s).

If you have not changed both Windows and Linux passwords at the same time then they are out of sync, which means you may not know your Windows password. This means you will not be able to log in after we have moved to AD on our Linux systems.

  • ad_migration.1532461337.txt.gz
  • Last modified: 2018/07/24 19:42
  • by ktm5j