[K12OSN] Ldap + smb auth?

Henry Burroughs hburroughs at HHPREP.ORG
Fri Feb 11 17:43:41 UTC 2005


That's an interesting idea.  I don't see why it wouldn't work.  For
example you could probably write a PAM backend to read the passwords
from a plaintext file (why you would do this, I don't know).... The only
thing would be creating the ldap user when you add a new Active
Directory user. A solution to this would be to poll the Active Directory,
export the data from Active Directory, mangle it (perl time!), and
then ldapadd it to the Linux LDAP server.  Could be done, and run
nightly or however often you need.  I did all my Active Directory
modifications (400 users) using a perl script... It added the new unix
UID number, home directory, shell info, everything to the users (after I
had a schema installed).

Henry


On Fri, 2005-02-11 at 11:04, Les Mikesell wrote:
> On Fri, 2005-02-11 at 08:27, Burroughs, Henry wrote:
> 
> > Quickest route would be to set up winbindd (part of Samba) on your
> > K12LTSP server, which would allow you to authenticate using the users
> > and groups in ::shudder:: Active Directory.  
> > 
> > The one warning I can give is with Active Directory Ids-> UID mappings. 
> 
> Has anyone tried using LDAP for everything but authentication?  That is,
> add winbindd or smb authentication to the PAM setup so when local or
> LDAP authentication fails it will check the password against the
> domain controller.  That should let you control uid's and home directory
> mapping in LDAP without the issue of having to maintain another copy
> of everyone's password (if you already have them in a domain
> controller).  I'm doing local+smb now, but have to create the accounts
> I want on each machine and I could switch to LDAP easily if the
> passwords could still come from the domain controller.
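
The nightly export, mangle and ldapadd step discussed in this thread, sketched as an added example in Python; it is not the perl script mentioned in the message and not code from either poster. It keeps previously assigned UID numbers stable, rejects login names that are unsafe to put in a DN or home directory path, and writes no userPassword so passwords stay only on the domain controller. The base DN, UID range, default GID and sample users are assumptions made up for illustration.

```python
import base64
import re

# Constructed sample of an AD export, already parsed into dicts (values made up).
AD_USERS = [
    {"sAMAccountName": "jsmith", "displayName": "Jane Smith"},
    {"sAMAccountName": "bwong", "displayName": "Bo Wong\nuserPassword: x"},
    {"sAMAccountName": "../etc", "displayName": "Bad Name"},
]

# Assumed tree layout, UID range and default group (hypothetical values).
BASE_DN = "ou=People,dc=example,dc=org"
UID_START, DEFAULT_GID = 10000, 100
SAFE_LOGIN = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def assign_uids(logins, existing):
    """Keep every UID already handed out; new logins get the next unused one."""
    uid_map = dict(existing)
    next_uid = max(list(uid_map.values()) + [UID_START - 1]) + 1
    for login in sorted(logins):
        if login not in uid_map:
            uid_map[login] = next_uid
            next_uid += 1
    return uid_map


def to_ldif(users, existing_uids):
    """Return (ldif_text, uid_map, rejected_logins); ldif_text is ldapadd input."""
    good = [u for u in users if SAFE_LOGIN.fullmatch(u["sAMAccountName"])]
    rejected = [u["sAMAccountName"] for u in users if u not in good]
    uid_map = assign_uids([u["sAMAccountName"] for u in good], existing_uids)
    entries = []
    for u in good:
        login = u["sAMAccountName"]
        # Base64 ("cn::") keeps newlines in a display name from adding attributes.
        cn = base64.b64encode(u["displayName"].encode("utf-8")).decode("ascii")
        entries.append("\n".join([
            f"dn: uid={login},{BASE_DN}",
            "objectClass: account",
            "objectClass: posixAccount",
            f"uid: {login}",
            f"cn:: {cn}",
            f"uidNumber: {uid_map[login]}",
            f"gidNumber: {DEFAULT_GID}",
            f"homeDirectory: /home/{login}",
            "loginShell: /bin/bash",
        ]))  # no userPassword: the domain controller keeps checking passwords
    return "\n\n".join(entries) + "\n", uid_map, rejected
```

Persist the returned uid_map between runs and pass it back in as existing_uids, so a UID number is never reassigned to a different account after a user is removed from the export.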



