[TriLUG] ldap authentication from Active directory or NTDS

Roy Vestal rvestal at trilug.org
Mon Jan 19 09:28:14 EST 2004


That was redundant. Shouldn't try and think late at night. Let's try this
again.

It (MS SFU) makes it easier for *nix boxes to connect to Windows, but, IMHO,
not as easy for Windows boxes to connect to *nix boxes as SAMBA does. Plus,
with SAMBA 3.0.x, AD control is simple.
----- Original Message ----- 
From: "Roy Vestal" <rvestal at trilug.org>
To: "Triangle Linux Users Group discussion list" <trilug at trilug.org>
Sent: Sunday, January 18, 2004 10:49 PM
Subject: Re: [TriLUG] ldap authentication from Active directory or NTDS


> Nope. It makes Windows boxes connect to *nix machines, but doesn't make it
> easier, IMHO, for Windows boxes to connect to *nix boxes. Samba seems best
> in that.
> ----- Original Message ----- 
> From: "Turnpike Man" <turnpike420 at yahoo.com>
> To: "Triangle Linux Users Group discussion list" <trilug at trilug.org>
> Sent: Thursday, January 15, 2004 9:31 AM
> Subject: Re: [TriLUG] ldap authentication from Active directory or NTDS
>
>
> > I'm impressed.  Does this make what Roy was doing unnecessary hard work?  It
> > would seem so.  If anyone publishes the notes they took, I'm excited to see
> > them!  I'll add it to my www.turnpike420.net/linux2/ area where I save
> > everything I have learned!
> >
> > David M.
> >
> > --- Magnus Hedemark <chrish at trilug.org> wrote:
> > > This gives you a snap-in to MMC that just adds another tab to your user
> > > management window.  So you can assign a UID to the user, home directory,
> > > etc. just like any other *NIX system.  Use KerberosV for password
> > > authentication (which already works while making NO changes to your
> > > Windows systems and simply running authconfig on a Red Hat Linux system).
> > > You also can assign GIDs to AD groups.
> > >
> > > Note that the MS KerberosV implementation is b0rked in that there is no
> > > admin server, so you can't change your password from Linux without some
> > > sort of extra provisions.
> > >
> > > With MS SFU installed on your AD server you can use NIS for user metadata
> > > (which has some security risks... a lot less than pure NIS since SFU isn't
> > > publishing password hashes through NIS but it is still exposing a list of
> > > user accounts and group memberships).  You can connect to AD via LDAP for
> > > better security but it's quite a bit more work.
> > >
> > > SFU comes with an NFS server so you can share Windows home directories to
> > > Linux users via NFS.  I'm skipping this option and instead building an AFS
> > > server for security reasons.
> > >
> > > -- 
> > > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > > TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
> >
> >
> >
> >
>
>
>



