Linux Domain Controller

canzi · 04-09-2007, 08:30 AM

Hi Everyone,

a quick question about the possibilities of a linux

domain controller.
the reason is simple i dont want to have to create accounts on local machines and on the server/s, sync passwords ect for windows clients.

am i right in thinking that pam will work for linux clients?

Novell use edirectory with a client and is very good.
micro$oft have a domain controller that that you have to login to,

but what options do Linux

users have.

I have read that samba 2/3 has a PDC mode but isn't very scalable, i think 3 is better because it uses ldap.

is it possible to setup just ldap and have windows users connect to it like a domain controller, creating there account on the fly and keeping there password in sync?

what other options do we have?

and if your feeling extra generous what about group policies? again Novell uses zenworks micro$oft 2003 doming and linux??

many thanks

Canz

kstan · 04-09-2007, 09:29 AM

setup openldap server, install pgina in windows client pc. then install ldap plugin for pgina.

Anyway, it doesn't support group policy and you manage the entire domain limited.

MoMule · 04-09-2007, 11:43 AM

Check out winbind to see if that will accomplish what you need.

Deion "Mule" Christopher

tmiles · 04-09-2007, 12:04 PM

Yes you can use Linux for this. If you are trying to scale like you can with Novell Edirectory or with MS Active Directory there are issues.

Depending on which version of Linux you are using, you can use Edirectory with Samba and make a scalable (Novell has a non production version of Edirectory you can download for free)

You can do PDC setups pretty simple using Clark Connect or SME server. (But these are not scalable as you can not add BDC's)

If you have money to spend you can look at the Xandros server. Their managed community set up is pretty scalable. You can set up groups of servers just like you do with Windows 2003 and Active Directory. Works very well once you get the hang of it.

Prob the most robust set up for free would be Open Suse with Edirectory (Since there is no out the box installer for Edirectory on non RPM versions of Linux.)

Or you can build it from scratch. You need PAM, Open Ldap and Samba and then the Samba connectors (Libraries) for Open Ldap.

Here are some examples of how to set this up:

http://www.howtoforge.com/samba_doma...up_ubuntu_6.10

http://gentoo-wiki.com/HOWTO_SAMBA-L...Time_antivirus)

canzi · 04-09-2007, 08:20 PM

cheers, already you have posted some great suggestions, ill spend a day or two looking over them.

many thanks
canz

justanotheruser · 04-25-2007, 10:23 AM

I googled this thread because I'm thinking of using pgina to authenticate to openLDAP. Currently our XP boxes authenticate to Active Directory, and my main concern is if by going with pgina whether or not group policy still works.

My guess is that it should - can anyone confirm that all is good, in a similar setup?

kstan · 04-25-2007, 07:12 PM

Hi,

Quote:

Originally Posted by justanotheruser

I googled this thread because I'm thinking of using pgina to authenticate to openLDAP. Currently our XP boxes authenticate to Active Directory, and my main concern is if by going with pgina whether or not group policy still works.

My guess is that it should - can anyone confirm that all is good, in a similar setup?

Not really perfect, it have some setting for you to enforce but not as good as group policy. And 1 thing to always remember pgina create a local user once they login through openldap/pop3/mysql. So, you cannot share your resources via openldap user directly.

Anyway if you just want to centralize the user/password pgina is good enough for you.
Regards,
Ks