Re: LDAP and NT authentication



Quoting Dustin Sallings <dustin@spy.net>:

> On 7 Feb 2000, Turbo Fredriksson wrote:
> 
> # > 1. Replicating the NT passwords stored in the PDC to the LDAP server
> # 
> # What you can do is the way I did it a while ago. Using samba as the PDC,
> # and set the NT as BDC...
> 
> 	Hey, I would really like to do this, can you give me any ideas as
> to how well it operates, and what problems you've had?  I've read the
> documentation on using Samba as a PDC, but have as little exposure to NT
> as possible, so I'd like the opinion of someone who has to deal with
> users.  :)

'How well it operates'... Hmmm, we're running software on a UNIX/Linux box...
ANYTHING must operate better than a M$ product, right?! :)

I have actually not done any performance tests, and there's still the problem with
Win95, Win98 AND WinNT machines on the same network... Win95 has clear text
passwords, which the others do not. So if you have a Win95 machine on the network,
you have to disable encrypted passwords (and execute a .reg to disable it on
Win98/WinNT). I don't know if there is a way around that, but according to the
Samba site, the problem is still there...

And if the PDC crashes (i.e. Samba) it takes a simple restart of the service
(again, the smbd/nmbd processes) and not the whole machine! Much quicker recovery,
and it can be done remotely (i.e. through ssh/telnet/rlogin). The only real problem
I had with the setup was the one I listed above, encrypted passwords...

I'm not very good at Win/WinNT either so I don't know if it is possible to convert
a running NT PDC to an NT BDC. For a small network, it's usually not necessary with
a BDC, so the current NT can be reinstalled for a _REAL_ operating system :)


When it comes to ease of use (usability), we found that users really liked 'the
new, improved PC/NT system we bought' :) We actually were running on a SLOWER
machine, with less memory, but the whole thing responded quicker, and when we had
a problem (which were few and far between, and were in the initial phase, and due to
misconfigurations) we recovered quicker, therefore less down time, so the users
LOVED it.