Discussion:
FreeBSD and Active Directory
Chris Edwards
2008-06-26 19:20:47 UTC
Permalink
I have been put in charge of creating a single sign-on mechanism for our
Windows 2003 and FreeBSD servers. We are wanting to use Active Directory as
our LDAP server. I know of four different methods that could possibly work.

1. OpenLDAP
2. Radius
3. NIS
4. WinBind / Samba

Which is the most excepted/supported way to do this? Several of the severs
are very old, 4+ years old.

Thanks for any help,

---

Chris Edwards
Derek Ragona
2008-06-26 19:47:41 UTC
Permalink
Post by Chris Edwards
I have been put in charge of creating a single sign-on mechanism for our
Windows 2003 and FreeBSD servers. We are wanting to use Active Directory as
our LDAP server. I know of four different methods that could possibly work.
1. OpenLDAP
2. Radius
3. NIS
4. WinBind / Samba
Which is the most excepted/supported way to do this? Several of the severs
are very old, 4+ years old.
Thanks for any help,
---
Chris Edwards
I have had no trouble using winbind/samba as a secondary controller to the
Windows 2003 AD server. I will say that not all the utilities work, but
the functionality does work just fine.

-Derek
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Rudi Kramer - MWEB
2008-06-27 06:32:50 UTC
Permalink
Hi,
Post by Derek Ragona
I have had no trouble using winbind/samba as a secondary controller to the
Windows 2003 AD server. I will say that not all the utilities work, but
the functionality does work just fine.
Any chance of how a small how-to? I've tried this before but the only
thing I achieved was breaking authentication badly :-)

Thanks
Rudi
Chris Edwards
2008-06-30 15:42:24 UTC
Permalink
What version of Samba are you using? I am getting an error trying to load
the pam_winbind.so when a user tries to authenticate.

---

Chris Edwards
Smartech Corp.
Div. of AirNet Group
http://www.airnetgroup.com
http://www.smartechcorp.net
***@smartechcorp.net
P: 423-664-7678 x114
C: 423-593-6964
F: 423-664-7680


-----Original Message-----
From: owner-freebsd-***@freebsd.org
[mailto:owner-freebsd-***@freebsd.org] On Behalf Of Derek Ragona
Sent: Thursday, June 26, 2008 3:48 PM
To: Chris Edwards; freebsd-***@freebsd.org
Subject: Re: FreeBSD and Active Directory
Post by Chris Edwards
I have been put in charge of creating a single sign-on mechanism for our
Windows 2003 and FreeBSD servers. We are wanting to use Active Directory as
our LDAP server. I know of four different methods that could possibly work.
1. OpenLDAP
2. Radius
3. NIS
4. WinBind / Samba
Which is the most excepted/supported way to do this? Several of the severs
are very old, 4+ years old.
Thanks for any help,
---
Chris Edwards
I have had no trouble using winbind/samba as a secondary controller to the
Windows 2003 AD server. I will say that not all the utilities work, but
the functionality does work just fine.

-Derek
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
freebsd-***@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-***@freebsd.org"
Tom McLaughlin
2008-07-01 16:30:23 UTC
Permalink
Post by Chris Edwards
I have been put in charge of creating a single sign-on mechanism for our
Windows 2003 and FreeBSD servers. We are wanting to use Active Directory as
our LDAP server. I know of four different methods that could possibly work.
1. OpenLDAP
2. Radius
3. NIS
4. WinBind / Samba
Which is the most excepted/supported way to do this? Several of the severs
are very old, 4+ years old.
Thanks for any help,
---
Chris Edwards
You need to handle two things, user identification and user
authentication. OpenLDAP (actually nss_ldap) will do the id part and
kerberos will do the authentication part. Unfortunately my AD related
links for this are at work and I'm at home today.

tom
--
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |
Chris Edwards
2008-07-07 14:12:58 UTC
Permalink
Well I figured at all out using Samba's WinBind and Kerberos. I will post
the docs today or tomorrow, after I write them, to my blog at
http://www.ctdx.net for everyones viewing pleasure.


---

Chris Edwards
Smartech Corp.
Div. of AirNet Group
http://www.airnetgroup.com
http://www.smartechcorp.net
***@smartechcorp.net
P: 423-664-7678 x114
C: 423-593-6964
F: 423-664-7680


-----Original Message-----
From: owner-freebsd-***@freebsd.org
[mailto:owner-freebsd-***@freebsd.org] On Behalf Of Tom McLaughlin
Sent: Tuesday, July 01, 2008 12:30 PM
To: Chris Edwards
Cc: freebsd-***@freebsd.org
Subject: Re: FreeBSD and Active Directory
Post by Chris Edwards
I have been put in charge of creating a single sign-on mechanism for our
Windows 2003 and FreeBSD servers. We are wanting to use Active Directory as
our LDAP server. I know of four different methods that could possibly work.
1. OpenLDAP
2. Radius
3. NIS
4. WinBind / Samba
Which is the most excepted/supported way to do this? Several of the severs
are very old, 4+ years old.
Thanks for any help,
---
Chris Edwards
You need to handle two things, user identification and user
authentication. OpenLDAP (actually nss_ldap) will do the id part and
kerberos will do the authentication part. Unfortunately my AD related
links for this are at work and I'm at home today.

tom
--
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |

_______________________________________________
freebsd-***@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-***@freebsd.org"
Continue reading on narkive:
Loading...