OT: change NT login procedure

[Geoff Silver]

We ran into the same problem at my job.  The company uses an NT domain,
and we were trying to integrate Samba file servers.  In order to manage
user accounts without having to maintain dozens of passwd and gorup files,
we went to NIS.  Winbind is the ultimate answer, because it will be able
to obtain user and group info at the filesystem level (something which
Samba doesn't do), but it's still alpha code - not a good idea for
production.

What I ended up doing is writing something to synchronize NIS to NT.  NT
dumps all the user and group info for the domain to a SMB share on an NIS
master.  The master then checks for changes, and automatically updates the
NIS domain.  You get global groups, and you still have local groups on NIS
clients, but you just can't put global groups into local groups.  In
general, it works pretty well if you already have an established NT
domain.  You can try it, if you'd like.
http://uslinux.net/software/autosync/

To answer your question, however: Yes, it is possible to use LDAP as an
authentication mechanism for both Linux, NT, and Samba.  I'm not sure what
state the Samba code is in, but you can do it easily on the Unix side if
you version of Unix supports the name service switch.  I don't know what
it takes to do it under NT, but I can say that Netscape runs their entire
operations doing LDAP authentication (NT, Unix, Mail, etc), so some web
searching might be in order.  I also know an OpenLDAP developer who has
spoken with one of the other developers who has done this successfully
using OpenLDAP.  You might want to mail their lists (openldap.org) and see
what turns up.  If you have success, I'd be very interested in duplicating
it.

-- 
Geoff Silver					<geoff at uslinux dot net>
"Note To Self: Remember to put something witty here later..."