LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] ldap/PDC

[ILUG] ldap/PDC

Paul Jakma paul at clubi.ie
Fri Nov 26 15:42:14 GMT 2004 

On Fri, 26 Nov 2004, Nils wrote:

> At the moment there is a samba file server working already via winbind.
> (no shares on the nt4 machine).
>
> A few question.
> 1. Do i need kerberos.

What do you want to provide? Replacement for the NT4 PDC? Samba will 
act as NT4 domain PDC/BDC fine, which doesnt need kerberos at all.

If you want to provide Active Directory then, AFAIK, you're stuck. 
MIT krb5kdc can not act as an MS AD KDC because it lacks proprietary 
MS extensions to Kerberos - extensions which MS clients refuse to 
recognise KDC's as Active Directory without (ISTR).

(unless the samba people have gone and implemented an AD compatible 
KDC in samba.. doubt it - but dont know).

> 2. Do i need a dns server/ldap (Active directory) or will a ldap server
> work.

For AD you need LDAP, but see above. Unless Samba now can act as an 
AD KDC, nothing but an MS Windows server can act as an AD 'server'.

For NT4 domains, you dont need LDAP, but LDAP is one of the things 
you could store user information in.

> 3. Is it a good ideas for having the same password for both user logon
> to a win box and email account.( i could have two different directory
> trees)

The fewer passwords users have, the easier it is to enforce strong 
password policies (which both PAM and MIT Krb5 can do). If the 
password they use to access company data that they dont really care 
about is the same password that protects their email (which they 
might well care about protecting) then they're less likely to 
scribble the passwords on post-it notes on monitors and/or share the 
passwords with colleagues.

> whats the most sane way to set up this, so administration doesn't take a
> rocket scientist to understand.

I suggest you read the Samba docs ;)

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
I can't decide whether to commit suicide or go bowling.
 		-- Florence Henderson

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell