[TriLUG] ldap authentication from Active directory or NTDS

Roy Vestal rvestal at trilug.org
Sun Jan 18 22:49:36 EST 2004


Nope. It makes Windows boxes connect to *nix machines, but doesn't make it
easier, IMHO, for Windows boxes to connect to *nix boxes. Samba seems best
in that.
----- Original Message ----- 
From: "Turnpike Man" <turnpike420 at yahoo.com>
To: "Triangle Linux Users Group discussion list" <trilug at trilug.org>
Sent: Thursday, January 15, 2004 9:31 AM
Subject: Re: [TriLUG] ldap authentication from Active directory or NTDS


> I'm impressed.  Does this make what Roy was doing unnecessary hard work?
It
> would seem so.  If anyone publishes the notes they took, I'm excited to
see
> them!  I'll add it to my www.turnpike420.net/linux2/ area where I save
> everything I have learned!
>
> David M.
>
> --- Magnus Hedemark <chrish at trilug.org> wrote:
> > This gives you a snap-in to MMC that just adds another tab to your user
> > management window.  So you can assign a UID to the user, home directory,
> > etc. just like any other *NIX system.  User KerberosV for password
> > authentication (which already works while making NO changes to your
> > Windows systems and simply running authconfig on a Red Hat Linux
system).
> > You also can assign GID's to AD groups.
> >
> > Note that the MS KerberosV implementation is b0rked in that there is no
> > admin server, so you can't change your password from Linux without some
> > sort of extra provisions.
> >
> > With MS SFU installed on your AD server you can use NIS for user
metadata
> > (which has some security risks... a lot less than pure NIS since SFU
isn't
> > publishing password hashes through NIS but it is still exposing a list
of
> > user accounts and group memberships).  You can connect to AD via LDAP
for
> > better security but its quite a bit more work.
> >
> > SFU comes with an NFS server so you can share Windows home directories
to
> > Linux users via NFS.  I'm skipping this option and instead building an
AFS
> > server for security reasons.
> >
> > -- 
> > TriLUG mailing list        :
http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
> http://hotjobs.sweepstakes.yahoo.com/signingbonus
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>
>




More information about the TriLUG mailing list