On 6/27/05, Oded Arbel <[EMAIL PROTECTED]> wrote:
> On Monday, 27 June 2005 16:45, Gil Freund wrote:
> > On 6/27/05, Oded Arbel <[EMAIL PROTECTED]> wrote:
> > > I'm looking for suggestions for a single-sign-on system which allows
> > > for integration of both Windows and Linux workstations and servers
> 
> > > - OpenLDAP
> >
> > LDAP. OpenLDAP is the tool of choice on Linux, but it will work with
> > Novell and IBM LDAP servers.
> >
> > >         * How hard is it to integrate Windows clients into that?
> >
> > Windows clients see it as a Windows NT server. The clients do not
> > interact directly with the LDAP server.
> 
> Then how do I set up authentication to work against the LDAP server for
> the Windows clients? Do I have to use a Samba server? I understood
> that for the Kerberos 5 approach, NT 5.0 and later clients can auth
> directly using Kerberos - I was hoping to do something similar for
> LDAP.

Samba is a mediator between Windows and Linux. There is an alternative
called NISGINA which replaces the Windows NetLogon service, but it
is rarely used, since Samba provides native support for the Windows
NetLogon service.
Samba will provide the required information (LDAP and Kerberos) to the
Windows hosts.
The LDAP and Kerberos can then be used together with Samba to provide
other services (NSS, PAM, SASL, etc.).

> 
> AFAIK Linux clients can use pam_ldap to talk to the LDAP server
> directly, and IIRC it's much more stable than using winbind - I played
> with it before and I don't think I'll have much of a problem.

Winbind is required in one of two scenarios:
1. Using AD to provide information for Linux services (such as PAM)
without local user accounts.
2. Establishing trust and account mapping between domains.
You don't need it on a Samba standalone domain.


> 
> --
> Oded
> 
> ::..
> God did not create the world in seven days. He partied/procrastinated
> the first six days and pulled an all-nighter.
>
