[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Win2k domain authing against Linux OpenLDAP

To: "Andrew Crum" <acrum@oculustech.com>, <openldap-software@OpenLDAP.org>
Subject: RE: Win2k domain authing against Linux OpenLDAP
From: "Howard Chu" <hyc@highlandsun.com>
Date: Fri, 31 Aug 2001 18:16:41 -0700
Importance: Normal
In-reply-to: <003301c1327c$55990630$7502a8c0@zamorano>

Sorry, you're of course correct. I forgot that Win2K will work in NT
compatibility mode. Support for Win2K/Kerberos isn't quite there yet.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Andrew Crum

> > It is extremely difficult. I haven't heard any success stories,
> in fact. I
> > wouldn't say that it can't be done, just that it hasn't happened yet.
>
> Not true. It has happened many times. The difficulty depends on what you
> want to do with Windows machines and LDAP.
>
> Look at Samba-TNG www.samba-tng.org. Their code is in alpha stages.
>
> If you want something more stable look at Samba 2.2. There is a
> patch to fix
> LDAP support, and it has just merged into the CVS, the next release 2.2.2
> will most likely include it. It seems to be stable enough for a production
> environment. Although it lacks a few features than that of
> Samba-TNG with an
> LDAP backend...tough decision...features....or stability.
>
> The windows guy is blowing smoke up your ass. I think it's the other way
> around, he is finding many docs that say it _CAN_ be done.
>
> Although, it is possible to use an Active Directory and auth
> against that. I
> would *highly* recommend to NOT use SFU (Services for Unix). Use pam_ldap
> and nss_ldap to auth your unix users.
>
> To sum it all up, it can be done both ways.
>
> -Andrew
>
> >
> >   -- Howard Chu
> >   Chief Architect, Symas Corp.       Director, Highland Sun
> >   http://www.symas.com               http://highlandsun.com/hyc
> >
> > > -----Original Message-----
> > > From: owner-openldap-software@OpenLDAP.org
> > > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
> Robert Harris
> > > Sent: Friday, August 31, 2001 2:44 PM
> > > To: Openldap-Software (E-mail)
> > > Subject: Win2k domain authing against Linux OpenLDAP
> > >
> > >
> > >
> > >   I've about got my OpenLDAP server working for Solaris and
> > > Linux.  Part of
> > > the company is using windows, most migrating to 2k soon.
> Nothing I can
> do
> > > about this so it is out of my hands.
> > >
> > >   At any rate, we want those to authenticate against the OpenLDAP
> > > also.  The
> > > windows guy
> > > is saying he is finding alot of docs saying it can't be done.  He
> > > is pushing
> > > for an ADS server authentication to be master for everything and throw
> the
> > > LDAP out.
> > >
> > >   Is he wrong, mis-informed or just blowing smoke or what?  Any
> > > suggestions?
> > >
> >
> >
>

References:
- Re: Win2k domain authing against Linux OpenLDAP
  - From: "Andrew Crum" <acrum@oculustech.com>

Prev by Date: Re: Win2k domain authing against Linux OpenLDAP
Next by Date: Re: Open LDAP on Windows 2000
Index(es):
- Chronological
- Thread