On 6/27/05, Oded Arbel <[EMAIL PROTECTED]> wrote:
>
> Hi list.
>
> Due to our current single-sign-on system - Microsoft Active Directory -
> going berserk, our IT department finally found the moral fiber to
> change to something with better behavior guarantees, and possibly -
> open source.
>
> I'm looking for suggestions for single-sign-on system which allows for
> integration of both windows and linux workstations and servers from
> people who have implemented and/or maintained such a system.
>
> I'm familiar with NIS/YP and don't want to go back there, so don't even
> suggest that.
>
> Other options we've been thinking of are:
> - Windows Domain using Samba
> * Which is better, 3.0 or 3.1 ?

3.0.14 is the current stable release.

> * What about 4 ?

Very early alpha

> * What storage backend do you suggest to use ?
> - OpenLDAP

LDAP. OpenLDAP is the tool of choice on Linux, but it will work with
Novell and IBM LDAP servers.

> * How hard it is to integrate windows clients into that ?

Windows clients see it as windows NT server. The clients do not
interact directly with the LDAP server.

> * Are there easy to use tools to manage such a system ?

LAM (http://lam.sourceforge.net/) for basic user management
phpLDAPadmin (http://phpldapadmin.sourceforge.net/) for more advanced
management.

> - Kerberos 5
> * Any one had any experience with something like this ?
> * What do I need to get in order to use this ? My distro packages
> krb5-server, but I got the impression I need more programs to have a
> full Kerberos 5 domain.

Never used it myself, but my understanding is that most Samba binary
packages are compiled against MIT kerberos libraries.

Samba is one of the best documented FOSS packages: start with:
http://us3.samba.org/samba/docs/man/Samba3-ByExample
Then go over http://us3.samba.org/samba/docs/man/Samba3-HOWTO for
specific fine tuning.

>
> TIA
>
> --
> Oded
>
> ::..
> Lactomangulation, n.:
> Manhandling the "open here" spout on a milk carton so badly that
> one has to resort to using the "illegal" side.
> -- Rich Hall, "Sniglets"
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
> ================================================================
