Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 29 Jun 2002 12:45:34 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Alex <freebsd-reply@akruijff.dds.nl>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: centralized authentication question
Message-ID:  <20020629114534.GB15592@happy-idiot-talk.infracaninophi>
In-Reply-To: <111644664.20020629103036@dds.nl>
References:  <111644664.20020629103036@dds.nl>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, Jun 29, 2002 at 10:30:36AM +0200, Alex wrote:

> My aim is to setup a samba PDC and BDC server for a windows network
> and integrate the password database. So that any change will also
> reflect the other OS. To avoid changing the password two times, or
> adding a user twice. Have you guys any tips for me?

I've tried to do just that before, unfortunately somewhat before the
time when Samba had anything like workable domain controller
functionality...

Anyhow, the conclusion I came to at the time was that there wasn't
really any good way to keep the NT and Unix (NIS) password databases
in synch --- about the only approach possible was to use the Samba
config settings which will run the unix passwd or yppasswd commands
whenever it received a password change request from the windows boxes.
It never worked very well and I never found a good way to set the NT
password from a unix box.  Ultimately it turned out that having
separate password databases had it's advantages so we learned to live
with the situation.

Nowadays, I'd look into using LDAP as a common database for both the
Unix and NT account data.  See:

    http://www.skills-1st.co.uk/papers/security-with-ldap-jan-2002/slides.pdf
    http://www.openldap.org/
    http://www.padl.com/OSS/pam_ldap.html

> I have already setup a NIS server and want to setup a kerberos server
> in the near future.

LDAP would replace NIS.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020629114534.GB15592>