Another way to look at it is to say that what Lara
really wants is a kerberos trust. Lara, you mentioned using OLdap to
provide the authentiation for Active Directory, but is that really the
case? Or do you want to let Active Directory handle Active Directory
permissions and allow those users SSO access to other resources? If not,
why?
Al
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 8:30 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Can Microsoft Active Directory be configured to a uthenticate to an external ldap server ??
What
you're really saying is that you don't want to use AD for authentication - not
that you want AD to use an external authentication source.
I
believe there some articles on the web for getting Windows 2000 and later
servers to use something like that - BUT I believe it requires replacing the
GINA process on the clients (not a trivial task, especially since they seem to
change with every service pack).
Roger
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-----Original Message-----
From: Lara Adianto [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 7:15 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Can Microsoft Active Directory be configured to authenticate to an external ldap server ??Hi guys,As what the subject title said: can Microsoft Active Directory be configured to authenticate to an external ldap server (openLDAP in my case) ?To make things clearer, this is the objective that I want to achieve:I want authentication of Microsoft Active Directory's clients to be done by OpenLDAP server on Linux. So, when a client of Microsoft Active Directory authenticates itself to MS AD, MS AD will ask openLDAP for authentication service. openLDAP will return return reject or allow to MS AD.I believe that this can be achieved by using Kerberos. I currently have GSSAPI mechanism running on my openLDAP server, but I am not sure how to make MS AD talk to my openLDAP server.Any idea, suggestions, hints will be very appreciated....Cheers- Lara -
------------------------------------------------------------------------------------
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
- Guy de Maupassant -
------------------------------------------------------------------------------------Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam
