Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Ideas for best Single Sign-on solution?

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
User avatar
Humbletech99
Posts: 365
Joined: 2005-12-29 00:03

Ideas for best Single Sign-on solution?

#1 Post by Humbletech99 »

Hi,
I'm currently debating migrating from an NT4 domain to an Active Directory domain or to a Samba domain. I would like ideas regarding this migration and the possibilities, or just people's opinion's and/or experiences.

I know AD is far ahead of Samba, but is it worth the money if all you're using it for is user authentication. Isn't it overcomplicated with LDAP and Kerberos?

The background: the company has around 50 people, 40 in london and 10 in another office abroad, connected via vpn. We have 40~ windows machines and 30+ linux servers plus a drizzle of macs (which aren't really important and don't need central authentication).

Will linux work ok with AD or will it be an uphill hackish struggle that will result in fragile authentication that could break at any time or have any unreliability?

Also, am I gonna get hammered for licensing if I try to connect linux clients to the AD because of CALs?


Talk to me please, people.

drdebian
Posts: 80
Joined: 2004-10-09 16:17
Location: austria
Contact:

Re: Ideas for best Single Sign-on solution?

#2 Post by drdebian »

Humbletech99 wrote:Hi,
I'm currently debating migrating from an NT4 domain to an Active Directory domain or to a Samba domain. I would like ideas regarding this migration and the possibilities, or just people's opinion's and/or experiences.

I know AD is far ahead of Samba, but is it worth the money if all you're using it for is user authentication. Isn't it overcomplicated with LDAP and Kerberos?

The background: the company has around 50 people, 40 in london and 10 in another office abroad, connected via vpn. We have 40~ windows machines and 30+ linux servers plus a drizzle of macs (which aren't really important and don't need central authentication).

Will linux work ok with AD or will it be an uphill hackish struggle that will result in fragile authentication that could break at any time or have any unreliability?

Also, am I gonna get hammered for licensing if I try to connect linux clients to the AD because of CALs?


Talk to me please, people.

I think a Samba3 PDC/BDC scenario would be perfectly feasable in your case. All you need is OpenLDAP, Samba3 and the Idealx-Scripts to achieve a perfectly managable single-signon solution.

User avatar
Humbletech99
Posts: 365
Joined: 2005-12-29 00:03

#3 Post by Humbletech99 »

I read somewhere that Windows clients don't work with OpenLDAP because of some specific way in which their client handles things, they expect AD - probably just M$ trying to force everyone to use their LDAP and no-one else's.

Also, most people seem to think this is a very bad idea to samba domain, calling it buggy and unsupported, as well as more difficult.

Personally i didn't believe that samba could match the stability of AD before, so I'm doubly unsure now.

Has anyone here gotten Linux authentication to work via AD? Is is difficult and do you find it to be very reliable or just an uphill hackish struggle that may break or not work 100% of the time?

Post Reply