Win2K or 2K3 Server, AD, passthru Kerberos, LDAP help?
dsr at tao.merseine.nu
Fri Jul 18 14:13:42 EDT 2003
On Fri, Jul 18, 2003 at 10:18:32AM -0400, Scott Ehrlich wrote:
> The goal will be to set up the Win Server with AD, have Windows clients
> join as workstations. Then, with accounts and security being shared
> between the LDAP and Kerberos servers, allow users to log into any
> workstation of choice (or multiple workstations), do whatever they want -
> (change passwords, work on research, etc), and have all authentication
> to/from the Windows clients simply pass through the domain controller, so
> we don't have to deal with two Kerberos and LDAP environments (one being
> the independent servers, the other being the domain controller).
>
> The ultimate goal will be the ability of users to log into UNIX and
> Windows workstations alike with the same credentials, and all
> authentication pointing singly at the LDAP and Kerberos servers only.

Hrm.

It looks like what you really want is a single authentication source
regardless of user and workstation/OS, yes?

If so, do something simpler:

Establish a single domain AD server. The Windows boxes will authenticate
to it easily; it provides an LDAP interface for everything else.

For boxes that have LDAP PAM available, use that. For those that don't,
use an LDAP-NIS gateway.

For extra points, use a Samba server instead of an AD server.

-dsr-
--
Network engineer / pre-sales engineer available in the Boston area.
http://tao.merseine.nu/~dsr