Hi guys,

I'm hoping someone can make some recommendations on how to achieve Single Sign-On in a heterogeneous environment (mix of Windows, Linux, and Unix servers and workstations).

At work we use Microsoft Active Directory to achieve SSO but at home it's becoming a real struggle for me to manage users and computers. At the very least I would love the ability to create a single set of logins and have those logins function on all the Windows, Linux, and Unix workstations and Servers.

I have done some reading on OpenLDAP but all the guides I have read are fairly old. If OLdap is the way to go can anyone share a link to a recent howto which could walk me through a very simple Use-Case (a set of 5 or so users that can login to any computer in the directory)?

Thanks in advance!

PS: I'm hoping to get a response from someone who has actually done this and not a google search (I have already spent way too much time playing with random guides from google)

Take a look at this post on FedoraForum.org. I have used this method before and it works pretty well as long as all of your Windows boxes are capable of joining a domain.

1 members found this post helpful.

Holy cow, WOW! Thanks so much for that share; it's just what I was hoping for!

...And yea, all the Windows seats are Professional, Enterprise, or Ultimate so they can all join a domain.

I know Samba4 is listed as alpha but ... its the 15th alpha <g>. Its still scheduled to be released in 2011 according to the project timeline.

Watch the Samba4 Video's ... it only takes about 15 minutes but will easily demo how a Linux Samba4 server can become the PDC for a Windows Domain.

as I'm typing this the Samba.org wiki is offline but the URL to the SAMBA4 Video's is:

Joining Windows 7 to a Samba domain

I've found that there are quite a few organizations using it in production with good success.

Along that line I found out about an open source Resara.org that has taken Samba4 and done quite a bit of integration & menuing work to provide a nice Samba4 Admin Console.

You can download the source but they also other choices including:
pre-packaged binaries
pre-packages VMs (vmware or virtualbox)
an Ubuntu PPA for Resara and Ubuntu 10.04 LTS.

Installing is simple and so is configuration.

You might want to give that a try and see if it will work for you.

It looks like Samba has really come a long way since the last time I investigated using it for single sign-on. Back then it was barely competitive with NTv4 workgroups. I guess I just assumed that since Active Directory is based on the LDAP X.500 specification that OpenLDAP would be the appropriate (free) alternative.

I just need to make sure that ultimately I will be able to log into all my Linux and Windows machines with the same sets of credentials without having to create each user account on every single machine in the house and if I disable/lock/reset any account at the DC that the change is replicated down to all the clients automatically.

Thanks again guys! Hopefully I will have some spare time to dig into this soon!

You may want to have a look at this tool from Centrify. They have "express" version free of charge, and seems perfect for small implementations. http://www.centrify.com/express/free...asp?r=menu-nav