multi-server/single source authentication was Re: [K12OSN] Networking a new school for K12LTSP?

John Lucas mrjohnlucas at gmail.com
Wed Jan 31 00:41:30 UTC 2007


On Tuesday 30 January 2007 18:40, john wrote:
> This has been an interesting thread. It makes me want to raise my own
> question.
>
> Is it possible to do multi-server/single source authentication using Active
> Directory rather than LDAP? Right now, we're not able to drop active
> directory for students, but will probably need to add servers as our LTSP
> experiment moves forward. The sticking point has been the way winbind/samba
> creates and maps unix passwords to windows passwords. Essentially each
> installation of Linux that uses Active Directory for authentication ends up
> with their own local user/pass db that makes centralized NFS homes
> semi-impossible. Has anyone figured out how to scale Linux and AD?
>
> John
>

First a caveat: I have not (yet) tried to use AD for Linux authentication, but 
I have looked into it somewhat. Since AD is primarily LDAP and Kerberos, it 
should be possible, and chapter 9 of "LDAP System Administration" by Gerald 
Carter (published by O'Reilly) has a pretty good step-by-step description of 
how to go about it. You will need administrative rights to the Windows 
server, since there will be some additional configuration required.

BTW, anyone using LDAP should be interested in the above-mentioned book; it is 
a very good practical guide for many uses of LDAP. Highly recommended.

-- 
        "History doesn't repeat itself; at best it rhymes."
                        - Mark Twain

| John Lucas                          MrJohnLucas at gmail.com               |
| St. Thomas, VI 00802                http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W                        AST (UTC-4)                         |



