[Date Prev][Date Next]
RE: Win2k domain authing against Linux OpenLDAP
Sorry, you're of course correct. I forgot that Win2K will work in NT
compatibility mode. Support for Win2K/Kerberos isn't quite there yet.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Andrew Crum
> > It is extremely difficult. I haven't heard any success stories,
> in fact. I
> > wouldn't say that it can't be done, just that it hasn't happened yet.
> Not true. It has happened many times. The difficulty depends on what you
> want to do with Windows machines and LDAP.
> Look at Samba-TNG www.samba-tng.org. Their code is in alpha stages.
> If you want something more stable look at Samba 2.2. There is a
> patch to fix
> LDAP support, and it has just merged into the CVS, the next release 2.2.2
> will most likely include it. It seems to be stable enough for a production
> environment. Although it lacks a few features than that of
> Samba-TNG with an
> LDAP backend...tough decision...features....or stability.
> The windows guy is blowing smoke up your ass. I think it's the other way
> around, he is finding many docs that say it _CAN_ be done.
> Although, it is possible to use an Active Directory and auth
> against that. I
> would *highly* recommend to NOT use SFU (Services for Unix). Use pam_ldap
> and nss_ldap to auth your unix users.
> To sum it all up, it can be done both ways.
> > -- Howard Chu
> > Chief Architect, Symas Corp. Director, Highland Sun
> > http://www.symas.com http://highlandsun.com/hyc
> > > -----Original Message-----
> > > From: owner-openldap-software@OpenLDAP.org
> > > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
> Robert Harris
> > > Sent: Friday, August 31, 2001 2:44 PM
> > > To: Openldap-Software (E-mail)
> > > Subject: Win2k domain authing against Linux OpenLDAP
> > >
> > >
> > >
> > > I've about got my OpenLDAP server working for Solaris and
> > > Linux. Part of
> > > the company is using windows, most migrating to 2k soon.
> Nothing I can
> > > about this so it is out of my hands.
> > >
> > > At any rate, we want those to authenticate against the OpenLDAP
> > > also. The
> > > windows guy
> > > is saying he is finding alot of docs saying it can't be done. He
> > > is pushing
> > > for an ADS server authentication to be master for everything and throw
> > > LDAP out.
> > >
> > > Is he wrong, mis-informed or just blowing smoke or what? Any
> > > suggestions?
> > >