Firewall Wizards mailing list archives
Re: My LDAP question (fwd)
From: Todd Underwood <todd () osogrande com>
Date: Tue, 17 Dec 2002 07:08:15 -0700 (MST)
ron, all,

On Mon, 16 Dec 2002, R. DuFresne wrote:

> I am trying to find out if it's possible to use LDAP to authenticate
> multiple OS platforms without using W2k's Active Directory. I know that
> Mac OS X and other *NIX flavors can authenticate thru LDAP, what I need
> is for W2k to authenticate thru LDAP but without using the AD. Does
> anyone know if this is possible and if so what is the best way to go
> about it?

we do this, but not in this way. the best strategy that i'm currently aware of is not to try to make w2k authenticate straight off of LDAP (we couldn't get that to work and i'm not sure it's supposed to work) but rather to run samba as a domain controller and have w2k authenticate off of samba.

so it looks something like this:

--openldap configured with the samba schema somewhere on the network.
--samba 2.2 or greater running on an OS that supports nssldap and PAM: see http://www.unav.es/cti/ldap-smb-howto.html for lots more detail.
--w2k and xp running in mixed authentication mode

so clients attach to the domain run by samba, samba proxies the authentication to LDAP, but is able to get the LM hash right out of ldap so there's no problem of unencrypted passwords on the lan (we're actually doing this with messy magic and synchronization to /etc/samba/smbpasswd now, because of an older version of samba that didn't support this, but it is *much* better if you can get the LM hash straight out of LDAP).

i find samba to be the best glue to cobble together mixed windows and linux networks and still get all of them authenticating out of LDAP.

hope that's a useful direction.

--
todd underwood, sr. vp & cto
oso grande technologies, inc.
todd () osogrande com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards