OT: change NT login procedure
mami at arena.sci.univr.it
Wed Jan 31 18:27:37 GMT 2001
On Wed, Jan 31, 2001 at 01:19:56AM +0100, Osama Abu-Aish wrote:
> Hi out there,
> this is somehow OT, but I thought to find the most competent
> people my idea here:
> Since NT-UNIX password / account synchronization is a never
> ending story with many traps I had an idea and wonder if anybody
> has tried this before and could probably help me by sharing
> his/her knowledge.
> Since NT and UNIX use different security models, it is impossible
> to integrate both into one central security database. Samba is
> to a certain degree able to provide authentication to NT, but
> it can't resolve the problem of having two password databases.
> All current implementations try to adapt the UNIX-side to match
> the requirements given by NT.
IMHO administration on large networks is easier with unix than
nt. So if you can install a fresh copy of nt and start using it
without the need of patches, you get a lower TCO.
>Now I wonder if it shouldn't be
> possible to change the NT-side. What I'm dreaming of is all
> our NT WKS authenticating against a LDAP-Server.
I am using a LDAP approach both with linux and windows 2000/nt
(with samba-tng). A user is an entry in the LDAP database which
stores crypt and nt/lm passwords.
> This _must_ somehow be possible since novell manages it
> with their NDS directory.
> What I understand from MS documentation is that custom
> authentication is supported and that two dll's must be created:
> a graphical user interface (GINA) and a authentication package.
> 1.) Does this make sense at all or is it only YASI (Yet another
> stupid idea :-)?
> 2.) Has anybody tried something like this and could provide me
> with any information?
> 3.) Would someone be interested in following this track?
> Greetings, Osama
> Fachhochschule für Technik Esslingen
> Außenstelle Goeppingen
Mirko Manea <mami at mami.net>
More information about the samba-ntdom