On Sat, 2002-11-23 at 14:27, Dustin Puryear wrote:
> At 03:05 PM 11/22/2002 -0600, you wrote:
> >I have a question that has been bugging me for two years now. I know
> >Dustin has done some work in this area, but I am finding very little
> >info on the web. I would like to implement a single user authentication
> >scheme for Windows, Solaris and Linux. I am leaning towards LDAP, but
> >the implementation has to be secure and not use plain text passwords. I
> >think LDAP will do this using Kerberos or SSL.
>
> First, keep in mind that Windows is a PAM-like system. You can replace GINA
> and integrate Windows into an NIS domain or whatever if you want. That
> requires a per-machine change though and your systems may not be fully
> supported by Microsoft at that point.
>
> Now, the question: Are you using an integrated system for your UNIX systems
> already? Would you like to integrate Windows into that? Or the other way
> around? What are you working with at this point? That would help.

I am currently using NIS+ and would like to either use this or LDAP to authenticate my windows users. Currently we authenticate Solaris/Linux users with NIS+ and windows users separately.

> >Does anyone know of a book or web page that has information on how to do
> >this? Dustin, do you have any insight? Does the new version of Samba
> >do this? HELP!
>
> Samba comes with Winbind, which allows you to integrate any PAM-based UNIX
> system into a NT domain environment. You could also run a Samba PDC which
> relies on a LDAP directory that is in turn used to authenticate both UNIX
> and Windows users. I like Samba as a PDC, but you need to be careful when
> setting it up. There isn't native BDC support, so you have to mimic it with
> a homebrew solution. And no, there is no production code to integrate Samba
> into an AD environment at this time. But as 99% of AD environments are
> actually running in mixed-mode this is a non-issue so far. You can still
> fall-back on NT domain functionality in Samba.

I do like the idea of using Samba as a PDC. I might have to look into this some more. I am guessing that I can tie Samba into my existing NIS+? What about encrypted passwords? At one time I remember having to use Samba with plain text passwords. Have they fixed that? I haven't really done a lot of work with Samba in the last two years.

> There are a few options out there.
>
> Do you have a budget for this?

Sure - within reason.

> Hey, did you know that a Windows PDC can act as a NIS master? I believe
> this is supplied with Microsoft's UNIX toolkit. I haven't tried this yet
> though.

Didn't know that - but I would likely not be interested in that since I have had little luck getting windows to run stably as a server and I am not interested in learning. The organization as a whole loathes using windows as any kind of server. I am stretched way too thin as it is, and since our core services (web, mail, data acquisition, data analysis, control systems, storage, etc.) run exclusively on Unix variants, windows has just been used at people's desks for email etc. Windows just takes too much time trying to keep it stable and secure. I would like nothing more than to completely eliminate MS from LIGO.

Thanks,
Shannon

> ---
> Dustin Puryear <[EMAIL PROTECTED]>
> Puryear Information Technology
> Windows, UNIX, and IT Consulting
> http://www.puryear-it.com
