Jason Williard Guest
Posted: Wed Jun 01, 2005 1:02 am Post subject: Single Password - Linux & Windows
I have 5 servers; 3 RedHat and 2 Windows 2003 Server. I would like to use a
single password for all of these. When thinking about this, I had 2
thoughts that came to mind. 1) Setup the 2 Windows servers as domain
controllers and find a mechanism to connect the linux machines to that. 2)
Setup 2 of the linux machines with Samba to act as domain controllers.
Unfortunately, I don't know which is the best option, or if either of these
is the best.
What is the best way for me to do this? In the end, I would like to have
the system administrators be able to login to any of the servers with a
single login. As well, I would like to use the password for specific access
for employees, such as pop3/imap/smtp and a few other integrated services.
Any suggestions or information would be appreciated.
Thank You,
Jason Williard

Anne & Lynn Wheeler Guest
Posted: Wed Jun 01, 2005 1:24 am Post subject: Re: Single Password - Linux & Windows
"Jason Williard" <jwilliard@pcsafe.net> writes:
| Quote: | I have 5 servers; 3 RedHat and 2 Windows 2003 Server. I would like
to use a single password for all of these. When thinking about
this, I had 2 thoughts that came to mind. 1) Setup the 2 Windows
servers as domain controllers and find a mechanism to connect the
linux machines to that. 2) Setup 2 of the linux machines with Samba
to act as domain controllers. Unfortunately, I don't know which is
the best option, or if either of these is the best.
What is the best way for me to do this? In the end, I would like to
have the system administrators be able to login to any of the
servers with a single login. As well, I would like to use the
password for specific access for employees, such as pop3/imap/smtp
and a few other integrated services.
Any suggestions or information would be appreciated.
|
in theory, an underlying m'soft mechanism is kerberos ... so it should
be possible to deploy a kerberos configuration (across both windows
and many other operating systems).
(windows) kerberos interoperability
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_tjil.asp
windows kerberos security tutorial
http://www.mcmcse.com/win2k/guides/kerberos.shtml
from my rfc index
http://www.garlic.com/~lynn/rfcietff.htm
select "Term (term->RFC#)" in the "RFCs listed by" section
and scroll down to kerberos:
kerberos
see also authentication , security
3962 3961 3244 3129 2942 2712 2623 1964 1510 1411
....
selecting any of the RFC numbers then brings up the summary for that
RFC. in the summary field, selecting the ".txt=nnnn" field retrieves
the actual RFC.
some past kerberos related postings:
http://www.garlic.com/~lynn/subpubkey.html#kerberos
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

Menno Duursma Guest
Posted: Wed Jun 01, 2005 2:34 am Post subject: Re: Single Password - Linux & Windows
On Tue, 31 May 2005 13:02:23 -0700, Jason Williard wrote:
| Quote: | I have 5 servers; 3 RedHat and 2 Windows 2003 Server. I would like to
use a single password for all of these. When thinking about this, I
had 2 thoughts that came to mind. 1) Setup the 2 Windows servers as
domain controllers and find a mechanism to connect the linux machines to
that.
|
That shouldn't be too hard, provided you have the MS-Windows boxen setup to
be KDCs for some Kerberos realm (AD.) Just setup /etc/krb5.conf and
/etc/samba/smb.conf on Linux, "net join" (or some such (Google Groups for
my name and AD ... maybe)). And name your Unix accounts like the ones in M$
then either pam_krb5 or pam_winbind (run "winbindd" on the 'clients'.)
Fedora Core 3 (so probably RedHat) has some kind of menu under "setup"
that should do this, but it failed on me.
| Quote: | 2) Setup 2 of the linux machines with Samba to act as domain
controllers.
|
Well, in that case you can only use NTLM. As Samba 3.x can only act as a
member (not a controller) in MS-LDAP/MS-Kerberos due to the PAC screw.
| Quote: | Unfortunately, I don't know which is the best option, or if either of
these is the best.
|
I would go (and have gone) for M$ being the Kerberos KDCs and Linux
clients to them, for now. Otherwise you'd have to run some Unix/Linux as KDCs
as well, and setup cross-realm trust between them and MS-AD (or fallback
to NTLM instead.)
| Quote: | What is the best way for me to do this? In the end, I would like to
have the system administrators be able to login to any of the servers
with a single login.
|
Kerberos.
| Quote: | As well, I would like to use the password for specific access for
employees, such as pop3/imap/smtp and a few other integrated services.
|
That is an authorization not an authentication issue. Probably: edit
/etc/passwd with the shell set to /bin/false (nologin) and configure the
daemons to allow/disallow some account (maybe based on the groups they're a
member of) or some such. And have fun reading up on PAM, LDAP and your
services / daemons setup in their respective docs.
| Quote: | Any suggestions or information would be appreciated.
Thank You,
|
Sure thing, have fun.
--
-Menno.
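
An added example (not from the post above and not Samba's or Red Hat's own files) of what the krb5.conf / smb.conf / "net join" / pam_winbind procedure touches on a Linux member server running Samba 3.x. The realm EXAMPLE.LOCAL, workgroup EXAMPLE, hosts dc1/dc2.example.local, user jsmith and the ID ranges are constructed placeholders.

```ini
# ---- /etc/krb5.conf : point the Kerberos libraries at the AD domain controllers ----
# Realm names are case-sensitive; AD realms are the DNS domain in upper case.
[libdefaults]
    default_realm = EXAMPLE.LOCAL
    dns_lookup_kdc = true

[realms]
    EXAMPLE.LOCAL = {
        kdc = dc1.example.local
        kdc = dc2.example.local
        admin_server = dc1.example.local
    }

[domain_realm]
    .example.local = EXAMPLE.LOCAL
    example.local = EXAMPLE.LOCAL

# ---- /etc/samba/smb.conf : join as an AD member server, not a controller ----
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL
    security = ads
    # Samba 3.x syntax for mapping domain users and groups to Unix IDs;
    # choose a range that does not collide with local accounts.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    # Let users log in as "jsmith" rather than "EXAMPLE\jsmith".
    winbind use default domain = yes
    template shell = /bin/bash
    template homedir = /home/%U

# The remaining steps use other file formats, so they are shown as comments.
# ---- /etc/nsswitch.conf : resolve domain accounts through winbindd ----
#   passwd: files winbind
#   group:  files winbind
# ---- PAM service file, e.g. /etc/pam.d/sshd : accept AD passwords ----
#   auth     sufficient  pam_winbind.so
#   account  sufficient  pam_winbind.so
# ---- as root, once the clock agrees with the domain controllers ----
#   net ads join -U Administrator
#   (start winbindd) ; wbinfo -t ; getent passwd jsmith
```

`wbinfo -t` verifies the machine account's trust secret and `getent passwd jsmith` confirms that a domain user resolves through winbindd before any PAM stack depends on it.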

Kevin Wheeler Guest
Posted: Wed Jun 01, 2005 3:02 am Post subject: Re: Single Password - Linux & Windows
Take a look at these products. They provide true single sign-on across all
platforms.
http://www.centrify.com
http://www.vintela.com

Anne & Lynn Wheeler Guest
Posted: Wed Jun 01, 2005 4:27 am Post subject: Re: Single Password - Linux & Windows
disclaimer .... kerberos was a project athena activity at MIT. DEC
and IBM equally funded athena for $50m total (unrelated drift, ibm
funded cmu for mach/andrew stuff alone for $50m). in any case, in
previous life, my wife and I got to periodically visit project athena
for reviews ... including kerberos.
not too long ago ... i was at a SAML-based product description and they
were describing cross-domain support. it looked to me like the same
exact flows that had been presented for cross-domain kerberos (we
happened to be visiting athena right in the middle of the cross-domain
invention) ... except with saml messages instead of kerberos tickets.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

matt_left_coast Guest
Posted: Wed Jun 01, 2005 8:25 am Post subject: Re: Single Password - Linux & Windows
Jason Williard wrote:
| Quote: | I have 5 servers; 3 RedHat and 2 Windows 2003 Server. I would like to use a
single password for all of these. When thinking about this, I had 2
thoughts that came to mind. 1) Setup the 2 Windows servers as domain
controllers and find a mechanism to connect the linux machines to that.
2) Setup 2 of the linux machines with Samba to act as domain controllers.
Unfortunately, I don't know which is the best option, or if either of
these is the best.
What is the best way for me to do this? In the end, I would like to have
the system administrators be able to login to any of the servers with a
single login. As well, I would like to use the password for specific
access for employees, such as pop3/imap/smtp and a few other integrated
services.
Any suggestions or information would be appreciated.
Thank You,
Jason Williard
|
It has been a while since I set it up, but Linux uses PAM (pluggable
authentication module). What this means is you can change how your Linux
system authenticates your user.
In short you can use a module that will make it so your Linux system and
your Samba network authenticate against the same password DB. I had it set
up once and it worked great. There is a discussion of this in the Samba
documentation. I don't think it will work with Active Directory, but it
will work as an NT Domain Controller. This is done on the Linux Server.
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html

Daniel Guest
Posted: Wed Jun 01, 2005 12:34 pm Post subject: Re: Single Password - Linux & Windows
Jason Williard wrote:
| Quote: | I have 5 servers; 3 RedHat and 2 Windows 2003 Server. I would like to use a
single password for all of these. When thinking about this, I had 2
thoughts that came to mind. 1) Setup the 2 Windows servers as domain
controllers and find a mechanism to connect the linux machines to that. 2)
Setup 2 of the linux machines with Samba to act as domain controllers.
Unfortunately, I don't know which is the best option, or if either of these
is the best.
What is the best way for me to do this? In the end, I would like to have
the system administrators be able to login to any of the servers with a
single login. As well, I would like to use the password for specific access
for employees, such as pop3/imap/smtp and a few other integrated services.
Any suggestions or information would be appreciated.
Thank You,
Jason Williard
|
LDAP, LDAP, LDAP!!! Use Windows 2K3 domain controllers for
authentication. Then set up linux to use LDAP (via PAM I think it is
called) to authenticate you to log onto any computer. In SuSe you can
do it via YaST, I do not know about RedHat though.
--
Daniel
MCSE, MCP+I, MCP in Windows 2000/NT
--------------------------------------
remove the 2nd madrid from my mail address to contact me.

Mats Guest
Posted: Wed Jun 01, 2005 1:50 pm Post subject: Re: Single Password - Linux & Windows
Take a look at services for unix. It can provide login support and user
handling for Unix clients against your AD. It's also a free download from
MS.

James Garvin Guest
Posted: Wed Jun 01, 2005 8:23 pm Post subject: Re: Single Password - Linux & Windows
Daniel wrote:
| Quote: | Jason Williard wrote:
I have 5 servers; 3 RedHat and 2 Windows 2003 Server. I would like to
use a single password for all of these. When thinking about this, I
had 2 thoughts that came to mind. 1) Setup the 2 Windows servers as
domain controllers and find a mechanism to connect the linux machines
to that. 2) Setup 2 of the linux machines with Samba to act as domain
controllers. Unfortunately, I don't know which is the best option, or
if either of these is the best.
What is the best way for me to do this? In the end, I would like to
have the system administrators be able to login to any of the servers
with a single login. As well, I would like to use the password for
specific access for employees, such as pop3/imap/smtp and a few other
integrated services.
Any suggestions or information would be appreciated.
Thank You,
Jason Williard
LDAP, LDAP, LDAP!!! Use Windows 2K3 domain controllers for
authentication. Then set up linux to use LDAP (via PAM I think it is
called) to authenticate you to log onto any computer. In SuSe you can
do it via YaST, I do not know about RedHat though.
|
I agree with LDAP and PAM, but you need to include Samba.
Keep in mind you might have to install MIT Kerberos on the Win2k3
machines. With Win2k Kerberos and MIT Kerberos are "different."

Tolete Guest
Posted: Tue Jun 06, 2006 7:57 am Post subject: Re: Single Password - Linux & Windows
I found this, should be useful:
http://www.redmondmag.com/columns/article.asp?EditorialsID=858
Thanks.
Webmaster www.hostpupil.com , web hosting database.