Best/simplest way to authenticate with Active Directory? WSFU, WINBIND, or ??
I have done quite a bit of reading on this and can't really decide which would be better suited for my needs (WSFU, WINBIND, or ???). Here is the general scenario:
I have a Windows domain with 5 Windows servers and 1 RHEL3 server and approx 50 users. Managing passwords and user names gets a little frustrating because they are in 3 different places (the Windows login ID, the Linux login ID, and the Samba users). I would like to use my Windows Domain Controller as the authentication endpoint for everything using its Active Directory. The Windows user IDs (ex: jsmith) are different than the Linux user IDs (ex: F0102011) so I must be able to map them to one another (jsmith = F0102011). I cannot make these the same because the program we use on the Linux box requires this type of user ID scheme. I also want my Samba share permissions to come from AD as well. Ideally, when jsmith logs into his Windows XP machine and clicks the button to change his password, I would like it to change the password on his F0102011 ID too so that things stay consistent. I have installed WSFU (Windows Services for UNIX 3.5) on my PDC but haven't done anything on the Linux side until I am sure this is the route I should go. I read a little bit on WINBIND but am confused on which of these would work better for me. Can someone give me a GENERAL description of the two? There is a lot of documentation out there but it is very detailed and complex. A general description would help along with any suggestions on which route to take. Thanks!!
Well, you have another choice as well: you can authenticate against LDAP. MS Active Directory is basically an LDAP server.

On my website I have several how-to's you might want to look at to get some ideas.

http://www.yourhowto.org/content/view/34/9/ - Linux client to authenticate against ADS via pam & LDAP
http://www.geocities.com/evilperson85/serversetup/ - join windows to a windows domain script.
http://www.yourhowto.org/content/view/31/9/ - Authentication against Active Directories using winbind for pop3

The only thing I'm not sure about is what pam module you would need to edit. For logging into the machine I think it's /etc/pam.d/login, and I *think* you edit the /etc/pam.d/samba module to get authentication against either LDAP or winbind.