Re: Authenticate windows against OpenLDAP

[Howard Chu <hyc@symas.com>]

Imobach González Sosa wrote:

> El Lunes, 23 de Agosto de 2004 11:50, escribió:
>  
>
> > Maybe this subject has been treated too many times in this list, but I've
> > only found this thread
> >
> > http://www.openldap.org/lists/openldap-software/200207/msg00687.html
> >
> > and is two years old; so I'd like to update the information.
> >    

> > The question is simple: can windows machines authenticate against a
> > OpenLDAP server instead of Active Directory? I mean without using Samba.
> >    
This question has zero relevance to OpenLDAP. You're better off pursuing 
this subject in a Microsoft or Samba-dedicated forum. Whether you can 
authenticate Windows against LDAP depends entirely on the Windows client 
software, and it makes no difference whose LDAP software you use.

> mmmm, maybe pGina is what I'm looking for:
>
> http://pgina.xpasystems.com/
>
> Any experience with pGina?
>
> Thank you.
>
>  
pGina works for what it does - authentication - but that's only half of 
the problem in getting a Windows logon. You also need the Windows 
authorization information, and Windows only gets that using Kerberos 
(with the proprietary, Microsoft-specific PAC extension to the TGT) or 
secure RPC. As such, no matter what plugin you use with pGina to perform 
authentication, you still need to have your account info in a 
Microsoft-compatible authorization server. If you use Samba, you can at 
least avoid the duplication if you centralize everything in LDAP. But 
then if you use Samba, you don't need pGina/LDAP.

Followups to this subject do not belong on this mailing list.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support