Single Sign On solution
Sean O'Malley
omalleys at msu.edu
Thu Oct 23 13:15:33 GMT 2008
On Mon, 20 Oct 2008, Laurie Zimmerman wrote:
> I have a client that has 5 RHEL5 servers running Samba 3.028, one Windows
> 2003 Server R2 in a workgroup and a mixture of Windows and Mac clients.
> Currently they have no directory structure in place. I am wondering about
> solution for SSO. I am considering implementing AD and joining each of the
> SAMBA servers to the domain but am not sure if an openLDAP solution would
> make more sense. Any insights very much appreciated!
You -can- run pgina on the windows clients with the ldap plugin, and set
up the corresponding schema's for MacOSX and other unix clients.
pgina works and you -can- chain pgina with the krb5 plugin if you want a
ticket on the windows workstation. Then you should be able to do
ticket passing through samba for auth if you need to mount file shares on
a fileserver.
I don't know if that sounds like a sane solution for you. :)
RH's version of openldap is older and pretty slow, however, it isn't a big
deal unless you get a LOT of users. I had to switch back to fedora with
their version of ldap for performance reasons.
MIT samba kerberos
http://sourceforge.net/projects/pgina
PGINA main page
http://sourceforge.net/projects/pgina
or http://www.pgina.org
pgina with krb5:
http://pages.cs.wisc.edu/~timc/pgina/
--------------------------------------
Sean O'Malley, Information Technologist
Michigan State University
-------------------------------------
More information about the samba-technical
mailing list