[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Win2k domain authing against Linux OpenLDAP



> It is extremely difficult. I haven't heard any success stories, in fact. I
> wouldn't say that it can't be done, just that it hasn't happened yet.

Not true. It has happened many times. The difficulty depends on what you
want to do with Windows machines and LDAP.

Look at Samba-TNG www.samba-tng.org. Their code is in alpha stages.

If you want something more stable look at Samba 2.2. There is a patch to fix
LDAP support, and it has just merged into the CVS, the next release 2.2.2
will most likely include it. It seems to be stable enough for a production
environment. Although it lacks a few features than that of Samba-TNG with an
LDAP backend...tough decision...features....or stability.

The windows guy is blowing smoke up your ass. I think it's the other way
around, he is finding many docs that say it _CAN_ be done.

Although, it is possible to use an Active Directory and auth against that. I
would *highly* recommend to NOT use SFU (Services for Unix). Use pam_ldap
and nss_ldap to auth your unix users.

To sum it all up, it can be done both ways.

-Andrew

>
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Robert Harris
> > Sent: Friday, August 31, 2001 2:44 PM
> > To: Openldap-Software (E-mail)
> > Subject: Win2k domain authing against Linux OpenLDAP
> >
> >
> >
> >   I've about got my OpenLDAP server working for Solaris and
> > Linux.  Part of
> > the company is using windows, most migrating to 2k soon.  Nothing I can
do
> > about this so it is out of my hands.
> >
> >   At any rate, we want those to authenticate against the OpenLDAP
> > also.  The
> > windows guy
> > is saying he is finding alot of docs saying it can't be done.  He
> > is pushing
> > for an ADS server authentication to be master for everything and throw
the
> > LDAP out.
> >
> >   Is he wrong, mis-informed or just blowing smoke or what?  Any
> > suggestions?
> >
>
>