LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 06-14-2012, 07:28 AM   #1
turiyain
Member
 
Registered: Dec 2006
Location: Delhi, India
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 112

Rep: Reputation: 16
Single Sign in Facility


Dear All,

I have to deploy a single sign in facility in my organisation. Every user who is working in the organisation will be able to access internet, web server, mail server, gate entry (Biometric System), wiki, Desktop login by giving his username and password. In this way the management and security will be managed in a better way.

Kindly guide me in this way.

Regards,


VJ +++
 
Old 06-14-2012, 10:11 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
This isn't something I've ever had to engage in, but based upon what I've seen in existing installations, you might want to start by looking at using Kerberos + LDAP. If you have Windows hosts in the mix, you will probably want to include Samba.
 
Old 06-14-2012, 08:24 PM   #3
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139
Using a username/password to access a biometric gate system is a BadIdea(tm) and negates all benefits (if any) of the biometrics.
 
Old 06-14-2012, 09:37 PM   #4
em31amit
Member
 
Registered: Apr 2012
Location: /root
Distribution: Ubuntu, Redhat, Fedora, CentOS
Posts: 190

Rep: Reputation: 55
Yes, you need to configure an LDAP + krbs solution. For a quick start FreeIPA is a good way; else you can build it from scratch, meaning by installing the packages and configuring them on your own.
 
Old 06-15-2012, 12:30 AM   #5
turiyain
Member
 
Registered: Dec 2006
Location: Delhi, India
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 112

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by em31amit View Post
Yes, you need to configure an LDAP + krbs solution. For a quick start FreeIPA is a good way; else you can build it from scratch, meaning by installing the packages and configuring them on your own.
Thanks for the reply. I have a mixed desktop environment (Windows + Linux). Is there any dedicated how-to for FreeIPA setup in Ubuntu?

Regards,
 
Old 06-15-2012, 01:40 AM   #6
turiyain
Member
 
Registered: Dec 2006
Location: Delhi, India
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 112

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by em31amit View Post
Yes, you need to configure an LDAP + krbs solution. For a quick start FreeIPA is a good way; else you can build it from scratch, meaning by installing the packages and configuring them on your own.
Thanks for replying. I have to implement a single sign in facility in an MS Windows and Linux environment. Is there any specific straightforward how-to for deploying FreeIPA on Ubuntu LTS?
 
Old 06-15-2012, 03:02 AM   #7
em31amit
Member
 
Registered: Apr 2012
Location: /root
Distribution: Ubuntu, Redhat, Fedora, CentOS
Posts: 190

Rep: Reputation: 55
Oh, you need it for Ubuntu. I think it is not available for Ubuntu as a server. The FreeIPA project was started by Red Hat, so it is a little specific to RPM-based distros like Fedora, RHEL, CentOS.

http://freeipa.org/page/Main_Page

I guess FreeIPA for Ubuntu is still in the development phase.

https://launchpad.net/freeipa

---------- Post added 06-15-12 at 01:33 PM ----------

For Windows machines you need to configure Samba on the Linux server.
 
Old 06-15-2012, 04:49 AM   #8
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
Originally Posted by turiyain View Post
Thanks for replying. I have to implement a single sign in facility in an MS Windows and Linux environment. Is there any specific straightforward how-to....
The Ubuntu wiki and how-to pages are generally top notch:
https://help.ubuntu.com/10.04/server...eros-ldap.html
https://help.ubuntu.com/community/SingleSignOn
https://help.ubuntu.com/community/Kerberos
https://help.ubuntu.com/community/ActiveDirectoryHowto
 
Old 06-15-2012, 06:45 AM   #9
turiyain
Member
 
Registered: Dec 2006
Location: Delhi, India
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 112

Original Poster
Rep: Reputation: 16
Thanks, I hope that you are suggesting these URLs to me after they have been well tested by the Ubuntu community.
 
Old 06-15-2012, 11:24 AM   #10
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
Originally Posted by turiyain View Post
Thanks, I hope that you are suggesting these URLs to me after they have been well tested by the Ubuntu community.
I can't make you any guarantees about wiki or other community information. I am reasonably certain that Samba+Kerberos+LDAP is the answer to your situation, but it goes way beyond a how-to that can be given to you in a forum as it is a complex process involving many layers of software and configuration. This is something that you are going to have to research, learn, and understand BEFORE you begin this process. If you try to rely on a step-by-step how-to or other cookbook like documentation for this process, you will most likely fail. Hopefully the links that I provided will enable you to get started on the learning process by pointing you in the right direction.
 
1 members found this post helpful.
Old 06-21-2012, 08:45 AM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,649
Blog Entries: 4

Rep: Reputation: 3934
In any case, at this point you know the concepts of what you must technically do, and you know that Linux can do it. You've also been pointed to in-depth documentation resources. To proceed from this point, you'll need to work closely with your colleagues on the Windows side. You don't have to write anything; don't have to invent anything. You do have to learn how to set it up correctly for your shop. (And if you notice my hands waving in the air right now, you're right ...)

Microsoft's "Active Directory™" is LDAP by any other name. (Almost. "Of course... it's Microsoft.") Kerberos is another, slightly older albeit more security-conscious, standard. Both of these provide the means for a central authority to set up rules that everyone else can query through a consistent interface. They've also thought out what to do when a computer is off-line to the authority, and they've also thought out how the authority is distributed among multiple computers.
 
  

