
BLU Discuss list archive



Win2K or 2K3 Server, AD, passthru Kerberos, LDAP help?



On Fri, Jul 18, 2003 at 10:18:32AM -0400, Scott Ehrlich wrote:
> The goal will be to set up the Win Server with AD, have Windows clients
> join as workstations.  Then, with accounts and security being shared
> between the LDAP and Kerberos servers, allow users to log into any
> workstation of choice (or multiple workstations), do whatever they want -
> (change passwords, work on research, etc), and have all authentication
> to/from the Windows clients simply pass through the domain controller, so
> we don't have to deal with two Kerberos and LDAP environments (one being
> the independent servers, the other being the domain controller).
> 
> The ultimate goal will be the ability of users to log into UNIX and
> Windows workstations alike with the same credentials, and all
> authentication pointing singly at the LDAP and Kerberos servers only.

Hrm.

It looks like what you really want is a single authentication source
regardless of user and workstation/OS, yes?

If so, do something simpler:

Establish a single domain AD server. The Windows boxes will authenticate
to it easily; it provides an LDAP interface for everything else.

For boxes that have LDAP PAM available, use that. For those that don't, 
use an LDAP-NIS gateway.

For extra points, use a Samba server instead of an AD server.

-dsr-

-- 
Network engineer / pre-sales engineer available in the Boston area.
http://tao.merseine.nu/~dsr




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org