[Samba] Re: Single Sign On

Jamrock news_jamrock at yahoo.com
Sat Feb 14 23:18:54 GMT 2004


"Mani, Greg SPAWAR" <greg.mani at navy.mil> wrote in message
news:00E4BF0C009B8544B4010B1D6D86E42A0144A592 at NAWESPSCEX08VA.nadsuswe.nads.navy.mil...
> We have a network of PCs running XP and servers running Win 2k and
> Win 2003.  User Account management is done with Active Directory (AD).  We
> want to add some Sun Solaris computers to this network.  One of the network
> guys said that Samba could be used as a single sign on solution for a
> network of Windows and Solaris computers.  He said that Samba 3.x provided
> the capability to use Active Directory to manage/synchronize the user
> accounts.  In other words, with Samba, the accounts on the AD server could
> be used when logging onto the Solaris computers, the XP computers, and the
> Windows servers.

You did not specify how you wanted to use the Solaris machines.  Do you want
to run Solaris applications on them or do you want them to be able to access
shares on the Windows network?

Samba will allow your Unix/Linux machines to access Windows shares.  This
happens because Samba uses the same SMB/CIFS protocol that Windows uses.

Single Sign On (SSO) to me is a separate issue.  SSO allows you to have one
database of usernames and passwords.  Users can access this database and be
authenticated no matter which operating system they are using.

OpenLDAP is one of the user database backends that Samba 3.x can use.

If you use an OpenLDAP database of usernames and passwords, Windows clients
and Linux/Unix clients can use it for authentication.

To do this you would need to use a Linux/Unix machine running Samba and
OpenLDAP for authentication.

The Linux/Unix clients don't need Samba.  OpenLDAP can be used to replace
the traditional password files that Linux/Unix machines use for user
authentication.

The Windows clients need Samba and OpenLDAP.

A Samba member server can authenticate against Active Directory.  However,
Samba will not allow you to use Active Directory to authenticate the Solaris
boxes.

This is my understanding of how the process works.  Perhaps John or Jerry
would like to comment.




