[geeks] single sign-on, centralized auth

Simeon Johnston simeonuj at indivisuallearning.com
Fri Jul 19 09:04:39 CDT 2002


This is what we use here.  We have a Win2k server doing domain control 
with winbind set up on several samba servers.  As well as doing VPN auth 
and soon to do wireless vpn auth thingy too.
:-)
We don't use Solaris here though, and the IRIX machine hasn't been set up 
yet.
Though Linux will use the domain logins (I can log in and get a shell 
using my domain user :-)

I've never used Solaris but it seems to me that if you can get samba and 
PAM working correctly it would work fine across all the servers.
There is even a patch for Netatalk to use samba users (or PAM or 
something like that.  I didn't set this up so I can't remember exactly 
what the patch does).
So, basically, we have one domain controller that authenticates 
Netatalk/Samba and VPN connections.

sim

Dave Kimmel wrote:

>On Thu, 18 Jul 2002, Kurt Huhn wrote:
>
>>My first research project at $job fell into my lap while trying to get my VPN
>>tunnel set up today.  What I've got to do is come up with a way to centralize
>>the authentication.  I'm looking for something to centralize UIDs, GIDs, and
>>work across Solaris, Windows, Linux, etc.
>>
>>Any ideas?  The only thing I've used before was RSA ACE/Server, and that costs
>>$$$$...
>
>Samba now has a thing called Winbind which might do this.  It integrates
>into the resolver and PAM using shared libraries.  When someone logs on to
>the unix box with a windows username and password it allocates a unix uid
>and creates a home directory.  The NT<->Unix uid mapping is automatically
>built up over time as people log in.  This assumes that you want all of
>the authentication and management to take place on the Windows side of
>things.  I know it works for Linux and it probably works for Solaris too.
>
>Of course, the other Samba alternative is to make Samba into a domain
>controller, which moves the authentication and management over to the unix
>side.  As for getting Solaris in there, you could use NIS or something and
>all Samba would do is bridge whatever you use for the unixes over to
>Windows.
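
Added example (not part of the original thread, and not Samba's code): a simplified Python model of the on-demand SID-to-uid allocation described in the quoted reply. It shows that a table built up as people log in is order-dependent per host, so the same domain user can end up with different uids on different servers, and it contrasts that with a deterministic RID-based mapping. The uid range, the sample SIDs and all function names are assumptions made for illustration.

```python
# Simplified model (added example, not Samba source) of two ways a
# winbind-style service can turn a Windows SID into a Unix uid.

UID_RANGE = (10000, 20000)  # assumed local range reserved for domain users


class OnDemandMapper:
    """Hands out the next free uid the first time a SID logs in (per-host state)."""

    def __init__(self, uid_range=UID_RANGE):
        self.low, self.high = uid_range
        self.next_uid = self.low
        self.table = {}  # SID -> uid, grows as people log in

    def uid_for(self, sid):
        if sid not in self.table:
            if self.next_uid > self.high:
                raise RuntimeError("uid range exhausted")
            self.table[sid] = self.next_uid
            self.next_uid += 1
        return self.table[sid]


def rid_uid(sid, uid_range=UID_RANGE):
    """Deterministic mapping: uid = range low + RID (last component of the SID)."""
    low, high = uid_range
    uid = low + int(sid.rsplit("-", 1)[1])
    if uid > high:
        raise ValueError(f"RID of {sid} does not fit in the uid range")
    return uid


# Constructed sample SIDs for a single domain (not real accounts).
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE, BOB, CAROL = (f"{DOMAIN}-{rid}" for rid in (1104, 1105, 1106))


def login_sequence(order):
    """Return the SID -> uid table one host builds for a given login order."""
    mapper = OnDemandMapper()
    return {sid: mapper.uid_for(sid) for sid in order}


def mismatches(host_a, host_b):
    """SIDs that both hosts know but map to different uids."""
    return sorted(s for s in host_a if s in host_b and host_a[s] != host_b[s])


if __name__ == "__main__":
    a = login_sequence([ALICE, BOB, CAROL])
    b = login_sequence([CAROL, ALICE, BOB])
    for sid in mismatches(a, b):
        print(f"{sid}: host A uid {a[sid]}, host B uid {b[sid]}")
    print({sid: rid_uid(sid) for sid in (ALICE, BOB, CAROL)})
```

A mismatch matters wherever numeric uids are compared across machines, for example file ownership on shared storage, so it is worth checking the mapping on each server before relying on it.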


