[Fwd: Re: [K12OSN] silly ldap questions]

john lists.john at gmail.com
Tue Mar 28 21:30:39 UTC 2006


Has anyone gotten clients using ldap authentication on Linux to
authenticate against active directory?  I'd be interested to know if
such a thing were possible. I've pretty much given up on winbind at
this point.

john

On 3/28/06, David Trask <dtrask at vcsvikings.org> wrote:
> Also bear in mind as you research this, that Samba 4 will change
> everything once again.  Samba 4 will have its own LDAP packaged right
> along with it.  In the end this should be an excellent thing, but will
> mean we have to rewrite all the how-to's again  :-)
>
>
> qhartman at lane.k12.or.us on Tuesday, March 28, 2006 at 1:25 PM +0000 wrote:
> >-------- Forwarded Message --------
> >From: Quentin Hartman <qhartman at lane.k12.or.us>
> >Reply-To: qhartman at lane.k12.or.us
> >To: Peter Hartmann <ascensiontech at gmail.com>
> >Subject: Re: [K12OSN] silly ldap questions
> >Date: Tue, 28 Mar 2006 10:24:06 -0800
> >
> >On Tue, 2006-03-28 at 12:49 -0500, Peter Hartmann wrote:
> >> Hey Quentin,
> >> Thanks for writing.
> >>
> >> > You certainly can, and this is probably the easiest way to set things up.
> >> > I like to have multiple DNS names point at the same machine, one for each
> >> > service. That way, I can separate those services out on to other machines
> >> > if I need to without reconfiguring everything.
> >>
> >> That's a great idea.    Just out of curiosity, what would, or could,
> >> you farm out if you needed to?
> >
> >For instance, I am planning on putting LDAP on a dedicated machine this
> >summer. We are putting up more and more services that authenticate to
> >our LDAP directory, so I fear that it is going to become too much of a
> >drag on the machine it is on now. So, I set up a base server (I plan on
> >using Ubuntu) and then load up and configure ldap. Replicate the
> >directory over, update DNS to point to the new server, and I'm done.
> >Nothing else has to change.
> >
> >You can do this with any service. Do you only have one DNS server, but
> >want to easily support up to three for failover? Configure your clients
> >to use NS0, NS1, and NS2, but make NS1 and NS2 aliases to NS0. In
> >reality they all point to the same machine, but once you get your
> >additional DNS servers up, just change the DNS config, and you're done.
> >
> >You can do this with just about anything. I have follett.slane.k12.or.us
> >for our library system, irm.* for our inventory / trouble ticket system,
> >ntp.* for time service, mysql.* for DB, and several others all pointing
> >to a single machine which is also called maple.* . By doing it this way,
> >migrating those services to other machines is dead simple. If I had used
> >the "real" server name (maple.* in this case) rather than the service
> >name, it would be more difficult to split out if I only wanted to move
> >one service.
> >
> >>
> >>
> >> > It sounds like you have everything
> >> > (ltsp, samba, ldap, dhcp, etc.)
> >>
> >> Well, right now all those, with the exception of ldap (since we're
> >> still with linux auth),  are on the same server.   I didn't explain
> >> well enough. Can one have just ldap and not a smb fileserver on a
> >> dedicated machine?  That's the mounting would come in back to the
> >> ltsp, file, dhcp server.  Why?  File servers aren't cheap and I wouldn't
> >> be messing with the ltsp server other than telling it how to
> >> authenticate, right?
> >
> >
> >You can have LDAP on a dedicated machine, no problem. If you just put
> >LDAP on a dedicated machine, you only need to tell the LTSP server to
> >authenticate to it. Everything else stays the same.
> >
> >>  (it's working and that's how I like it  :)  ) I
> >> could easily revert to linux auth if things went south, right?   I
> >> hope that's making more sense.
> >
> >As long as you keep your smb.conf sections that are for linux auth, it's
> >easy. In my setup, I actually kept those portions in my config
> >(commented out, of course) for quite some time. I wanted to make sure I
> >had an easy fall back if LDAP didn't work out. I just built two blocks
> >in the config, one for ldap and one for linux, then (un)commented as
> >needed to switch back and forth.
> >
> >I noticed that someone suggested using the smbldap-installer script.
> >That's probably a good start, though after I used it on some test
> >equipment I ended up doing the setup by hand. My config is much larger
> >and more complex than that script is designed to handle, but it was good
> >for learning if nothing else.
> >
> >
> >
> >_______________________________________________
> >K12OSN mailing list
> >K12OSN at redhat.com
> >https://www.redhat.com/mailman/listinfo/k12osn
> >For more info see <http://www.k12os.org>
>
>
>
> David N. Trask
> Technology Teacher/Director
> Vassalboro Community School
> dtrask at vcsvikings.org
> (207)923-3100
>
>
>
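
The service-alias scheme from the quoted reply (one DNS name per service, all pointing at maple), as an added example that is not part of the original thread: it resolves the aliases, flags client settings that used the real host name, and moves LDAP by changing one record. The zone fragment, addresses, client settings and the new host name oak are constructed for illustration.

```python
# Constructed zone fragment: "maple" and the service labels come from the
# thread; the addresses are documentation placeholders.
ZONE = """
maple  IN A     192.0.2.10
ldap   IN CNAME maple
ntp    IN CNAME maple
mysql  IN CNAME maple
"""

# Constructed client settings: the name each one was configured with.
CLIENT_REFS = {
    "ltsp ldap auth": "ldap",
    "ltsp time sync": "ntp",
    "inventory app db": "maple",  # real host name, not a service alias
}

def parse_zone(text):
    """Return (a_records, cnames), each a dict keyed by label."""
    a, cname = {}, {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1] == "IN":
            table = {"A": a, "CNAME": cname}.get(parts[2])
            if table is not None:
                table[parts[0]] = parts[3]
    return a, cname

def resolve(label, a, cname, max_hops=8):
    """Follow CNAMEs to an address; None if the chain dangles or loops."""
    for _ in range(max_hops):
        if label in a:
            return a[label]
        if label not in cname:
            return None
        label = cname[label]
    return None

def hardcoded_refs(refs, a):
    """Settings that name a real host (A record) instead of a service alias."""
    return sorted(k for k, name in refs.items() if name in a)

def migrate(text, service, new_host, new_addr):
    """Move one service: add the new host, repoint only that alias."""
    lines = [f"{new_host} IN A {new_addr}"]
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == service and parts[2] == "CNAME":
            line = f"{service} IN CNAME {new_host}"
        lines.append(line)
    return "\n".join(lines)
```

After `migrate(ZONE, "ldap", "oak", "192.0.2.20")`, clients configured with `ldap` follow the move, while the setting reported by `hardcoded_refs` still lands on maple.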



