[ale] Authentication solution for Linux/Windoze environment

Greg Freemyer greg.freemyer at gmail.com
Wed Jan 3 13:50:14 EST 2007 

On 1/3/07, James P. Kinney III <jkinney at localnetsolutions.com> wrote:
> On Wed, 2007-01-03 at 11:41 -0500, John V. Harding wrote:
> > Greetings,
> > I currently manage a small (~40 nodes) Linux network in an engineering
> > environment. We also have a Windows network with about the same amount
> > of nodes. I currently use an NIS server running on Redhat 8 for Linux
> > and Windows Domain Controller for the windows network and bridge the gap
> > with Samba for file sharing
>
> Plop the entire mess onto Samba. It can support being the PDC for the
> winders (computer challenged) crowd and can also authenticate Linux
> users using the same backend ldap setup.
>
> Look into Fedora Directory Server for the ldap backend solution.
> >
> > Can anyone suggest an authentication solution that can handle both
> > networks with minimum maintenance overhead? I prefer a Linux/open source
> > solution but would also entertain an appliance solution. There is also a
> > need to include a remote mirrored system for a branch office. A Windows
> > based Domain controller has been recommended but it does not seem to
> > support RHEL 4 well (or my Windows Admin does not know how to implement it).
> >
> > Thanks for any suggestions,
> >
> --

James,

I'm not real current on my Samba knowledge but from what I've read:

Samba 3 can act as a NT4 PDC, but it has not implemented Win2K/Win2003
AD Server functionality.  IIRC Samba 4 will do that eventually.  I
have not worked with AD so I don't know if that is a big loss or not,
but it certainly seems worth mentioning.

OTOH, both PAM and Samba 3 can use a Win2K/Win2003 AD server to
authenticate against via winbind.

A quick google found this article about doing that:
http://www.enterprisenetworkingplanet.com/netos/article.php/3502441

So they can also use Windows AD as the main authentication source and
PAM/Winbind to authenticate the Linux users based on the AD setup.

And if they are using Samba to share Linux drives to the windows
boxes, they can configure it to use Winbind for authentication as
well.

As to Pros and Cons of the two approaches, I don't know.

Greg
-- 
Greg Freemyer
The Norcross Group
Forensics for the 21st Century

More information about the Ale mailing list