LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Enterprise (http://www.linuxquestions.org/questions/linux-enterprise-47/)
-   -   Single Sign-On Recommendations (http://www.linuxquestions.org/questions/linux-enterprise-47/single-sign-on-recommendations-878050/)

thund3rstruck 04-30-2011 04:02 PM

Single Sign-On Recommendations
 
Hi guys,

I'm hoping someone can make some recommendations on how to achieve Single Sign-On in a heterogeneous environment (mix of Windows, Linux, and Unix servers and workstations).

At work we use Microsoft Active Directory to achieve SSO but at home it's becoming a real struggle for me to manage users and computers. At the very least I would love the ability to create a single set of logins and have those logins function on all the Windows, Linux, and Unix workstations and Servers.

I have done some reading on OpenLDAP but all the guides I have read are fairly old. If OLdap is the way to go can anyone share a link to a recent howto which could walk me through a very simple Use-Case (a set of 5 or so users that can login to any computer in the directory)?

Thanks in advance!

PS: I'm hoping to get a response from someone who has actually done this and not a google search (I have already spent way too much time playing with random guides from google)

grapeshot 04-30-2011 07:11 PM

Take a look at this post on FedoraForum.org. I have used this method before and it works pretty well as long as all of your Windows boxes are capable of joining a domain.

thund3rstruck 04-30-2011 07:21 PM

Quote:

Originally Posted by grapeshot (Post 4342309)
Take a look at this post on FedoraForum.org. I have used this method before and it works pretty well as long as all of your Windows boxes are capable of joining a domain.

Holy cow, WOW! Thanks so much for that share; it's just what I was hoping for!

...And yea, all the Windows seats are Professional, Enterprise, or Ultimate so they can all join a domain.

bmullan 05-01-2011 07:22 AM

single sign-on recommendations
 
I know Samba4 is listed as alpha but ... its the 15th alpha <g>. Its still scheduled to be released in 2011 according to the project timeline.

Watch the Samba4 Video's ... it only takes about 15 minutes but will easily demo how a Linux Samba4 server can become the PDC for a Windows Domain.

as I'm typing this the Samba.org wiki is offline but the URL to the SAMBA4 Video's is:

Joining Windows 7 to a Samba domain

I've found that there are quite a few organizations using it in production with good success.

Along that line I found out about an open source Resara.org that has taken Samba4 and done quite a bit of integration & menuing work to provide a nice Samba4 Admin Console.

You can download the source but they also other choices including:
pre-packaged binaries
pre-packages VMs (vmware or virtualbox)
an Ubuntu PPA for Resara and Ubuntu 10.04 LTS.

Installing is simple and so is configuration.

You might want to give that a try and see if it will work for you.

thund3rstruck 05-01-2011 08:59 AM

It looks like Samba has really come a long way since the last time I investigated using it for single sign-on. Back then it was barely competitive with NTv4 workgroups. I guess I just assumed that since Active Directory is based on the LDAP X.500 specification that OpenLDAP would be the appropriate (free) alternative.

I just need to make sure that ultimately I will be able to log into all my Linux and Windows machines with the same sets of credentials without having to create each user account on every single machine in the house and if I disable/lock/reset any account at the DC that the change is replicated down to all the clients automatically.

Thanks again guys! Hopefully I will have some spare time to dig into this soon!

slouching 05-02-2011 09:24 AM

You may want to have a look at this tool from Centrify. They have "express" version free of charge, and seems perfect for small implementations. http://www.centrify.com/express/free...asp?r=menu-nav


All times are GMT -5. The time now is 03:59 PM.