Gentoo Forums
Synchronize of LDAP and windows AD password
nash11
n00b


Joined: 30 May 2006
Posts: 26
Location: hk

Posted: Thu Jul 13, 2006 7:27 am    Post subject: Synchronize of LDAP and windows AD password

We are running LDAP on our Linux systems; all Linux machines share the passwords on the Linux server (LDAP server). Now, if I want to join it to Windows AD so that the Linux user password is the same as the one in Windows AD, is it possible to make the passwords of the Linux LDAP and Windows AD synchronized? thx.
firesox
Tux's lil' helper


Joined: 24 Nov 2005
Posts: 132

Posted: Thu Jul 13, 2006 3:05 pm

First, there are many scenarios covering this problem. The problem I see is having both OpenLDAP and Active Directory joined together based on just the LDAP implementations. I see no way of accomplishing that without good scripting that exports/imports users in LDIF format. If you just want the passwords to be in one database, you can outsource this using either the Kerberos implementation inside Windows 2003 or an external Linux-based Kerberos server. But you certainly need the usernames for a successful authentication process. So every user needs an account in either an external Kerberos database or inside Active Directory to have a working principal for authentication. This produces a little overhead, having users inside OpenLDAP, AD and, if externally used, a Kerberos database. Using the Windows 2003 Kerberos implementation works really well. Just install the MIT Kerberos package and edit krb5.conf. For interactive login you should also edit pam.d/system-auth to use pam_krb5, and that's it.

Another way is to use Samba with your already working OpenLDAP as a backend for Samba. You can join this Samba server to the Windows domain as a domain member server. In this case your users are only inside OpenLDAP, and therefore you can't use the Windows Kerberos implementation, because there are no users inside it. It makes more sense to have a working Windows 2003 domain controller serving a domain and joining a Samba/OpenLDAP server to it, or (the emphasis is on or) to have a running OpenLDAP/Samba server serving a domain and joining Windows clients to it. But in this case you don't need an Active Directory, and you lose group policy management for your Windows clients.

It's like everything in life: Just a decision.
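Added example, not part of the post above and not taken from any project's documentation: a sketch of the two files the first approach touches, with Linux logins checked against the Windows 2003 Kerberos KDC. The realm `AD.EXAMPLE.COM`, the host `dc1.ad.example.com`, the PAM stack layout and the presence of a host keytab are assumptions.

```conf
# --- /etc/krb5.conf (placeholder realm and host names) ---
# krb5.conf has no inline comments, so every comment sits on its own line.
[libdefaults]
    # The AD domain name, in upper case.
    default_realm = AD.EXAMPLE.COM
    dns_lookup_realm = false
    # Locate domain controllers through DNS SRV records.
    dns_lookup_kdc = true
    # Refuse a login when the KDC's answer cannot be verified against a
    # local host keytab (assumed to exist at /etc/krb5.keytab). Without
    # that check a spoofed KDC could vouch for any password.
    verify_ap_req_nofail = true

[realms]
    AD.EXAMPLE.COM = {
        kdc = dc1.ad.example.com
        admin_server = dc1.ad.example.com
    }

[domain_realm]
    .ad.example.com = AD.EXAMPLE.COM
    ad.example.com = AD.EXAMPLE.COM

# --- /etc/pam.d/system-auth (relevant lines only, assumed layout) ---
# Try the password against Kerberos first; on failure the same password
# is handed to pam_unix, so local accounts such as root keep working.
auth      sufficient  pam_krb5.so  try_first_pass
auth      required    pam_unix.so  try_first_pass
account   required    pam_unix.so
# Creates and cleans up the user's credential cache.
session   optional    pam_krb5.so
```

The account name still has to resolve on the Linux side (here, from OpenLDAP through NSS) and match the AD user name, and the clocks of client and domain controller must agree to within Kerberos' default five-minute skew.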
curtis119
Bodhisattva


Joined: 10 Mar 2003
Posts: 2160
Location: Toledo, Ohio,USA, North America, Earth, SOL System, Milky Way, The Universe, The Cosmos, and Beyond.

Posted: Sun Jul 16, 2006 9:35 pm

Moved from Networking & Security to Duplicate Threads.

https://forums.gentoo.org/viewtopic-t-466761-highlight-.html
_________________
Gentoo: it's like wiping your ass with silk.