Slashdot Mirror


Linux+Windows Single Sign-on

musichead writes "Bill Boswell (writing for redmondmag.com) has posted an interesting article on configuring Linux clients to utilize a single sign-on and play nicely in a Microsoft Active Directory network. The article focuses on Fedora Core 2 (and the Core 3 beta), but he has examples and instructions for SuSE Linux 9.1 Professional, Mandrake 10.1 and Xandros Desktop 2.5 on his website."

12 of 40 comments

  1. mit has single sign-on using kerberos by lysander · · Score: 3, Informative

    Not that many sites use Kerberos, but MIT has had single sign-on with Kerberos for quite some time.

    --
    GET YOUR WEAPONS READY! --DR.LIGHT
    1. Re:mit has single sign-on using kerberos by (startx) · · Score: 2, Informative

      UMR has also had SSO with Kerberos for a long time now.

    2. Re:mit has single sign-on using kerberos by Short+Circuit · · Score: 2, Informative

      Grand Rapids Community College has nearly all of their services (including the Linux classes' box) use Novell for authentication.

  2. Odd seeing this come from Redmond... by Stop+Error · · Score: 2, Insightful

    However, this will be useful information to have on hand the next time I propose a Linux server to my M$ Centric management.

    I wonder why the various Linux Vendors have not had some kind of setting during install to allow authentication to an Active Directory. It would make the "Linux infiltration" simpler!

    --
    No keyboard detected. Press any key to continue.
    1. Re:Odd seeing this come from Redmond... by Glamdrlng · · Score: 3, Informative
      I wonder why the various Linux Vendors have not had some kind of setting during install to allow authentication to an Active Directory.
      I haven't made use of it yet, but during install SuSE 9.2 gives you the option of pointing the authentication piece to Active Directory.
      --

      Yes, my only tool is a hammer. And you're starting to look like a nail.
  3. Re:Won't work with XP Home by Squatchman · · Score: 3, Insightful

    That's what I love about /.

    That hip "underground" (read: mom's basement) crowd that doesn't see the benefit in something like this. The minute people like the parent see the word Microsoft they go into a self-induced froth and start posting flames anonymously. Does your face get red too?

    A lot of existing businesses already have the Microsoft infrastructure in place (AD included). Something like this would open the door for Linux clients/servers as a gradual upgrade option for those businesses that can't just switch over to a new platform all at once.

  4. Easier the other way by gregmac · · Score: 2, Interesting

    I've had "single sign-on" for a while now, using Samba as my PDC (originally replaced my NT server about 3 years ago). It wasn't overly difficult to set up, but basically it's running LDAP at the very bottom, and Samba uses LDAP as its database. I can also authenticate from other Linux boxes directly against the LDAP server.

    I also integrated a number of web applications into it so they authenticate against the LDAP server as well. This isn't always quite as nice - you usually have to type your user/pass in again - but at least it's synchronized with your main account.

    As far as end-users are concerned, the result is the same. None of my end-users know any difference between running on this or a Windows server, I don't have any more work to do (things seem to break less than they did with NT .. but I never had stats on this so I can't say for sure) and it's a lot easier to get updates now. And above all, it saves us a lot of money in licensing fees.

    --
    Speak before you think
    1. Re:Easier the other way by Mastoid · · Score: 2, Interesting

      Those are good reasons to set things up that way. I've done the same thing in small offices. I stress "small" offices.

      There are good reasons to do things the other way around. That is, a network of Windows AD servers providing the SSO and Unix clients authenticating against them.

      I run a large distributed network where I rely on Windows capabilities to minimize maintenance on client desktops. Group Policy is at the top of the list here. When Linux can natively substitute itself for an AD controller instead of an NT PDC, and can enforce policies on the domain, I'll give it another chance as a SSO provider.

      --
      I had an argument...with the person here at the university that teaches OS design. I wonder when I'll learn --Linus
  5. Re:Won't work with XP Home by dn15 · · Score: 2, Funny
    XP Home won't log onto domains. It's bloody annoying for geeks with several computers in the house...
    It sure would be. Good thing real geeks don't use Windows. :P
  6. Just tried this out. by Godeke · · Score: 2, Informative

    Having for a long time intended to link my Linux box to my home LAN's AD, this was just the ticket to try it. Overall things went well, although the instructions completely skip over the actual configuration of the krb5.conf file.

    In particular, this is a huge oversight because things don't work as expected. After some googling I discovered that you must specify the domain as MYDOMAIN.LOCAL, all caps. This must be done in several places, otherwise it throws cryptic errors.

    With that one proviso in place, I would say the rest of the instructions were sufficient for me to figure it out in 30 minutes. Both directions authenticate properly.

    --
    Sig under construction since 1998.
  7. Further Resources by olyar · · Score: 2, Informative
    FWIW, here's some links to more info on getting this done...

    One is the official HOWTO
    http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html

    The other is from the Samba 3 by Example
    http://us4.samba.org/samba/docs/man/Samba-Guide/kerberos.html

    --
    Custom, hands-free Linux installs. Instalinux
  8. Re:Won't work with XP Home by drsmithy · · Score: 2

    Then perhaps it's worth pointing out that most homes won't have an Active Directory infrastructure as well...