Ideas for best Single Sign-on solution?

Post by Humbletech99 » 2006-01-31 09:12

Hi,
I'm currently debating migrating from an NT4 domain to an Active Directory domain or to a Samba domain. I would like ideas regarding this migration and the possibilities, or just people's opinions and/or experiences.

I know AD is far ahead of Samba, but is it worth the money if all you're using it for is user authentication? Isn't it overcomplicated with LDAP and Kerberos?

The background: the company has around 50 people, 40 in London and 10 in another office abroad, connected via VPN. We have 40~ Windows machines and 30+ Linux servers plus a drizzle of Macs (which aren't really important and don't need central authentication).

Will Linux work OK with AD or will it be an uphill hackish struggle that will result in fragile authentication that could break at any time or have any unreliability?

Also, am I gonna get hammered for licensing if I try to connect Linux clients to the AD because of CALs?


Talk to me please, people.

Re: Ideas for best Single Sign-on solution?

Post by drdebian » 2006-01-31 12:52

I think a Samba3 PDC/BDC scenario would be perfectly feasible in your case. All you need is OpenLDAP, Samba3 and the Idealx-Scripts to achieve a perfectly manageable single sign-on solution.

Post by Humbletech99 » 2006-01-31 12:58

I read somewhere that Windows clients don't work with OpenLDAP because of some specific way in which their client handles things, they expect AD - probably just M$ trying to force everyone to use their LDAP and no-one else's.

Also, most people seem to think it is a very bad idea to use a Samba domain, calling it buggy and unsupported, as well as more difficult.

Personally I didn't believe that Samba could match the stability of AD before, so I'm doubly unsure now.

Has anyone here gotten Linux authentication to work via AD? Is it difficult and do you find it to be very reliable or just an uphill hackish struggle that may break or not work 100% of the time?