LinuxQuestions.org
Old 08-25-2006, 06:24 PM   #1
steven.wong
LQ Newbie
 
Registered: Aug 2006
Posts: 6

Rep: Reputation: 0
Nis - Ldap - Ad


I was wondering if anyone has implemented this before, or if this is even possible (if so, any suggestions or gotchas)?

We have Windows and Linux/UNIX employee accts, plus customer-only accts on our Linux/UNIX systems. What we would like to do is have central points of auth and changes to passwd. But the customer accts should only exist on Linux/UNIX systems, while for our employees, from Windows to Linux/UNIX, they should be the same (i.e. changing passwd will propagate to both).

What I have in mind is to have AD or LDAP manage all employee accounts, which means that when a user changes his/her passwd, it also changes on the Linux/UNIX side. When a customer acct is created, or any modification is made to a customer acct, it goes only up to the LDAP master and does not propagate up to the Windows AD domain. Since we are still using RH 7.3, and some of the functionality we need for automount and netgroup is not implemented yet, I'm considering using the PADL gateway with ypldap between the clients and the LDAP servers. This means the clients will still think they are using NIS.

details --- (I also have a GIF diagram [48k] of what I would like to do, but I don't know how to attach it here.) Hopefully what's below makes sense for what I'm asking about.

Our RH 7.3 clients will use NIS to talk to our LDAP server via ypldap, and I know that LDAP supports having multiple DBs or domains on the same LDAP server(s), but can the client support this in both scenarios, where our employees (pro) and customers can log in to the same box, although they are on different domains?

If an employee updates his/her passwd on Linux/UNIX/Windows, the changes will be synced across.
If a customer updates his/her passwd on Linux/UNIX, it will propagate "only" up to the LDAP master and to its "slaves".
If a customer tries to connect to a Windows box, he will not get authenticated, since he is not on the same network.

Can a client be set up to auth users from two separate domains (one for employees, the other for customers)?

Thanks,
Steven

Last edited by steven.wong; 08-25-2006 at 06:32 PM.
 
Old 08-26-2006, 10:41 AM   #2
irpstrcr
Member
 
Registered: Mar 2005
Location: LAX
Distribution: Slackware
Posts: 40

Rep: Reputation: 15
Samba set up as a PDC with an LDAP backend would accomplish this.

For the Windows side of things:
If the user is lacking the sambaSamAccount class, they would not be allowed to auth against the Windows domain.
This should keep the customers from logging into your Windows side of things.

For the Unix (Linux/BSD/etc.) side:
nssldap would allow you to auth against the same LDAP that is holding the Windows domain users.
This would allow your employees to log in to both Windows & Unix machines using the same account.

Other silly things that can be done once this is set up are roaming profiles for the Windows users that are based off of the users' Unix home directories, and of course a centralized contact list (address book for Outlook / Thunderbird / etc.).
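
The separation described in the reply above depends on customer entries never carrying the sambaSamAccount object class, so it is worth auditing. The following is an added example, not part of the original post: it parses a constructed LDIF export and reports customer entries that Samba would accept for Windows logons. The `ou=customers` / `ou=employees` layout, the DNs and the function names are assumptions made for the illustration.

```python
# Constructed sample directory: every DN, uid and OU name here is made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=employees,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice

dn: uid=cust01,ou=customers,dc=example,dc=com
objectClass: posixAccount
uid: cust01

dn: uid=cust02,ou=customers,
 dc=example,dc=com
objectClass: posixAccount
objectClass: SambaSamAccount
uid: cust02
"""

def parse_ldif(text):
    """Parse plain-text LDIF into {attr: [values]} dicts (no base64 '::' values)."""
    entries = []
    for block in text.strip().split("\n\n"):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:      # folded line: unfold it
                lines[-1] += line[1:]
            elif line and not line.startswith("#"):
                lines.append(line)
        entry = {}
        for line in lines:
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def classify(entry):
    """Object class names are case-insensitive in LDAP, so compare lowercased."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    return {"unix": "posixaccount" in classes, "windows": "sambasamaccount" in classes}

def customers_with_windows_access(entries, customer_ou="ou=customers"):
    """Return DNs under the (assumed) customer OU that carry sambaSamAccount."""
    return [e["dn"][0] for e in entries
            if customer_ou in e.get("dn", [""])[0].lower() and classify(e)["windows"]]

if __name__ == "__main__":
    for dn in customers_with_windows_access(parse_ldif(SAMPLE_LDIF)):
        print("customer entry can log on to the Windows domain:", dn)
```
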
 
Old 08-31-2006, 06:09 PM   #3
steven.wong
LQ Newbie
 
Registered: Aug 2006
Posts: 6

Original Poster
Rep: Reputation: 0
So I would have to use a single repos, which would be openLDAP, right?

I can't use Windows 2003 Active Directory for employees and openLDAP for customer accounts?
 
Old 08-31-2006, 06:37 PM   #4
irpstrcr
Member
 
Registered: Mar 2005
Location: LAX
Distribution: Slackware
Posts: 40

Rep: Reputation: 15
Technically the single repos would be whatever backend you are using for the LDAP server, but yes, one spot to manage them both.

You could auth them both from the AD server using kerberos...
 
  


All times are GMT -5. The time now is 11:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration