Paul,
  I believe that some combination of pam_smb_auth and winbindd
(nss_winbind) can serve your purpose.  As someone else said, though, I
don't know about the security of such a setup. Unlike what one poster wrote
(forgot who), however, I *think* that you do need a machine account on
the PDC in order to even join the domain.  Otherwise it's no dice.
  From what I read on the samba site about the winbind solution,
you actually will see \\DOMAIN\USER when you do a who at the Linux
command line for any user that is logged into the Linux box via the
PDC.  Pretty nifty stuff.
  The news on the ldap front, unfortunately, isn't as good.  But here, I
speak from experience, where I haven't tried pam_smb_auth/winbindd. 
Unless you want plain old LDAP without SSL (extremely insecure -- can
you say: cleartext passwords flying across your LAN?  Ugh, worse than
NIS), I found the OpenLDAP with SSL (or TLS, whatever) extremely complex
to set up and I always had weird problems, particularly with NFS.  Note
that I speak in the past tense: I got so fed up with it after almost a
year, that I've switched back to NIS.

On Tue, 2002-05-21 at 16:37, [EMAIL PROTECTED] wrote:
> 
> Hi all,
> 
> I need to set up a lab environment.  Currently there is nothing.  
> What I'd *like* to do is set up the environment so that all the 
> systems authenticate against a central LDAP or NT PDC server.
> 
> The catch is, I don't own the servers I want to authenticate against.
> I'm *hoping* the LDAP server exists, but I'm not sure it does. In 
> which case, I'd like to authenticate against an NT PDC.
> 
> Does anyone know if you *can* authenticate against an NT PDC using 
> Linux?  What about with Solaris?  Do I need any special access granted
> by the NT PDC to allow hosts to authenticate, such as a domain 
> account for each machine ?
> 
> The short of it is that I don't want to have to manage user accounts 
> if I don't have to :)
> 
> Has anyone else done anything like this before?
> 
> Thanks!
> 
> 
> -- 
> 
> Seeya,
> Paul
> 
> 
> 
> *****************************************************************
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *****************************************************************
> 
-- 
-Paul Iadonisi
 Senior System Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly?  --  Try Linux.
 GPL all the way: Sell services, don't lease secrets

