A New Effort

I suppose I should be finishing one project before starting another, but I can’t help myself. I’m going to take on the project of integrating my Linux systems with Microsoft Active Directory, so that a single Active Directory account can be used to authenticate to both Windows-based systems and Linux-based systems on our network.

This new effort comes while I have yet to finish my projects on Squid log analysis tools or an internal news server running INN.  At least I did get Perdition working as expected, and figured out how to get Mail.app to use STARTTLS with IMAP4.

A couple of the resources I’m using for this effort are bookmarked in my del.icio.us bookmark list.  I’ll be adding more there as I find them.

I also have yet to decide if I will use Samba/Winbind or LDAP to handle the cross-platform authentication.  I’d love to hear any comments or feedback in this regard.


3 comments

Hi Scott, did you ever get any feedback regarding using Samba/Winbind or LDAP?

It seems like Samba/Winbind would be easier (I don't think you have to update the Active Directory schema) but I cannot find any clear benefits or drawbacks to using either of the methods.

Thanks for your input,
Mark

Mark,

I decided against Samba/Winbind, at least with regard to retrieving UIDs and GIDs. The latest AD integration article is available here:

http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/

I use Kerberos for authentication, LDAP for account information (although this does require a schema extension for pre-R2 systems–not for R2), and Samba to help automate the process of joining the Linux system to the domain.

The key drawback to Winbind, from my perspective, was the dynamic assignment of UIDs and GIDs from system to system. This seemed likely to complicate the matter unnecessarily.

Hope this helps,
Scott

Thanks Scott. I agree, dynamic assignment of the IDs does seem messy.

Mark