Single Sign On solution

Sean O'Malley omalleys at
Thu Oct 23 13:15:33 GMT 2008

On Mon, 20 Oct 2008, Laurie Zimmerman wrote:
> I have a client that has 5 RHEL5 servers running Samba 3.028, one Windows
> 2003 Server R2 in a workgroup and a mixture of Windows and Mac clients.
> Currently they have no directory structure in place.  I am wondering about
> solution for SSO.  I am considering implementing AD and joining each of the
> SAMBA servers to the domain but am not sure if an openLDAP solution would
> make more sense.  Any insights very much appreciated!

You -can- run pgina on the windows clients with the ldap plugin, and set
up the corresponding schema's for MacOSX and other unix clients.

pgina works and you -can- chain pgina with the krb5 plugin if you want a
ticket on the windows workstation. Then you should be able to do
ticket passing through samba for auth if you need to mount file shares on
a fileserver.

I don't know if that sounds like a sane solution for you. :)

RH's version of openldap is older and pretty slow, however, it isn't a big
deal unless you get a LOT of users. I had to switch back to fedora with
their version of ldap for performance reasons.

MIT samba kerberos
PGINA main page

pgina with krb5:

  Sean O'Malley, Information Technologist
  Michigan State University

More information about the samba-technical mailing list