BLU Discuss list archive

Win2K or 2K3 Server, AD, passthru Kerberos, LDAP help?

On Fri, Jul 18, 2003 at 10:18:32AM -0400, Scott Ehrlich wrote:
> The goal will be to set up the Win Server with AD, have Windows clients
> join as workstations.  Then, with accounts and security being shared
> between the LDAP and Kerberos servers, allow users to log into any
> workstation of choice (or multiple workstations), do whatever they want -
> (change passwords, work on research, etc), and have all authentication
> to/from the Windows clients simply pass through the domain controller, so
> we don't have to deal with two Kerberos and LDAP environments (one being
> the independent servers, the other being the domain controller).
> The ultimate goal will be the ability of users to log into UNIX and
> Windows workstations alike with the same credentials, and all
> authentication pointing singly at the LDAP and Kerberos servers only.


It looks like what you really want is a single authentication source
regardless of user and workstation/OS, yes?

If so, do something simpler:

Establish a single domain AD server. The Windows boxes will authenticate
to it easily; it provides an LDAP interface for everything else.

For boxes that have LDAP PAM available, use that. For those that don't, 
use an LDAP-NIS gateway.

For extra points, use a Samba server instead of an AD server.


Network engineer / pre-sales engineer available in the Boston area.

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
