nash11 n00b
Joined: 30 May 2006 Posts: 26 Location: hk
Posted: Thu Jul 13, 2006 7:27 am. Post subject: Synchronize of LDAP and windows AD password
We are running LDAP on our Linux systems; all Linux machines share the passwords held on the Linux server (the LDAP server). Now, if I want to join it to Windows AD so that the Linux user password is the same as the one in Windows AD, is it possible to keep the passwords of Linux LDAP and Windows AD synchronized? thx.
firesox Tux's lil' helper
Joined: 24 Nov 2005 Posts: 132
Posted: Thu Jul 13, 2006 3:05 pm
At first, there are many scenarios covering this problem. The problem I see is having both OpenLDAP and Active Directory joined together based on just the LDAP implementations. I see no way of accomplishing that without good scripting for exporting/importing users in LDIF format. If you just want the passwords to be in one database, you can outsource this using either the Kerberos implementation inside Windows 2003 or an external Linux-based Kerberos server. But you surely need the usernames for a successful authentication process. So every user needs an account in either an external Kerberos database or inside the Active Directory to have a working principal for authentication. This produces a little overhead, having users inside OpenLDAP, AD and, if used externally, a Kerberos database. Using the Windows 2003 Kerberos implementation works really perfectly. Just install the MIT Kerberos package and edit krb5.conf. For interactive login you should also edit pam.d/system-auth using pam_krb5, and that's it.
Another way is to use Samba with your already working OpenLDAP as a backend for Samba. You can join this Samba server to the Windows domain as a domain member server. In this case your users are only inside OpenLDAP, and therefore you can't use the Windows Kerberos implementation, because there are no users inside it. It makes more sense to have a working Windows 2003 domain controller serving a domain and to join a Samba/OpenLDAP server to it, or (the emphasis is on or) to have a running OpenLDAP/Samba server serving a domain and to join Windows clients to it. But in this case you don't need an Active Directory and lose group policy management for your Windows clients.
It's like everything in life: just a decision.
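The Windows 2003 Kerberos path from the reply above, written out as an added example (not configuration from the thread or from any poster): MIT krb5.conf pointing at the domain controller as KDC, plus the pam_krb5 lines in a Gentoo-style system-auth. The realm EXAMPLE.COM and the host dc1.example.com are placeholders, and the stack assumes uid/gid/home still come from OpenLDAP through nss_ldap while only the password check moves to AD.

```conf
# /etc/krb5.conf (placeholder realm EXAMPLE.COM, placeholder DC dc1.example.com)
[libdefaults]
    default_realm = EXAMPLE.COM      # the AD domain name, upper case
    dns_lookup_kdc = true            # AD publishes _kerberos._tcp SRV records
    forwardable = true

[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com        # Windows 2003 domain controller acts as KDC
        admin_server = dc1.example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

# /etc/pam.d/system-auth (the pam_krb5 lines are the addition; user data via nss_ldap)
auth       required     pam_env.so
auth       sufficient   pam_krb5.so try_first_pass      # password verified by the AD KDC
auth       sufficient   pam_unix.so try_first_pass nullok   # local/shadow fallback, e.g. root
auth       required     pam_deny.so

account    required     pam_unix.so                     # account data from NSS (OpenLDAP)

password   sufficient   pam_krb5.so try_first_pass      # passwd changes go to the KDC (kpasswd, port 464)
password   required     pam_unix.so try_first_pass md5 shadow

session    required     pam_limits.so
session    required     pam_unix.so
session    optional     pam_krb5.so                     # ticket cache set up for the login session
```

Verify the realm side before touching PAM: `kinit someuser@EXAMPLE.COM` followed by `klist` should show a krbtgt/EXAMPLE.COM ticket. Until that works the pam_krb5 lines fail for every user, so keep a root shell open while editing system-auth.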
curtis119 Bodhisattva
Joined: 10 Mar 2003 Posts: 2160 Location: Toledo, Ohio,USA, North America, Earth, SOL System, Milky Way, The Universe, The Cosmos, and Beyond.