[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authenticate windows against OpenLDAP



Imobach González Sosa wrote:

El Lunes, 23 de Agosto de 2004 11:50, escribió:


Maybe this subject has been treated too many times in this list, but I've
only found this thread

http://www.openldap.org/lists/openldap-software/200207/msg00687.html

and is two years old; so I'd like to update the information.



The question is simple: can windows machines authenticate against a
OpenLDAP server instead of Active Directory? I mean without using Samba.


This question has zero relevance to OpenLDAP. You're better off pursuing this subject in a Microsoft or Samba-dedicated forum. Whether you can authenticate Windows against LDAP depends entirely on the Windows client software, and it makes no difference whose LDAP software you use.


mmmm, maybe pGina is what I'm looking for:

http://pgina.xpasystems.com/

Any experience with pGina?

Thank you.



pGina works for what it does - authentication - but that's only half of the problem in getting a Windows logon. You also need the Windows authorization information, and Windows only gets that using Kerberos (with the proprietary, Microsoft-specific PAC extension to the TGT) or secure RPC. As such, no matter what plugin you use with pGina to perform authentication, you still need to have your account info in a Microsoft-compatible authorization server. If you use Samba, you can at least avoid the duplication if you centralize everything in LDAP. But then if you use Samba, you don't need pGina/LDAP.

Followups to this subject do not belong on this mailing list.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support