AD Authentication?
Thomas Charron
twaffle at gmail.com
Tue Mar 4 12:53:53 EST 2008
On Tue, Mar 4, 2008 at 12:44 PM, Ben Scott <dragonhawk at gmail.com> wrote:
> In any serious Unix/Windows integration effort of non-trivial size,
> I would recommend going through the effort to make sure Unix IDs are
> consistent across all hosts. If you're working in the "single user
> workstation mentality" it may seem like it's not that important, but
> sooner or later you'll end up wishing you had done it right from the
> start. Whether it's shared filesystems (SMB can also handle Unix IDs
> these days) or network backups or simply a tar file transported via
> sneakernet, files tend to move around between systems. In a Unix-only
> environment, this would mean LDAP or NIS. If you're authenticating
> Unix to Windows, you'll want winbind with a smart ID map, or central
> storage via LDAP (possibly AD's variation of LDAP).
As I said in another email:
> RID based IDMAP
Works fairly well in smaller environments.
> The key word in Matt's post would be "directly". winbind makes
> Linux clients appear as Windows clients. That's no big deal if done
> properly, but it's important to remain aware of the implications.
And pam_winbind, at least in my mind, makes that 'directly'. :-D
--
-- Thomas
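
Added example, not part of the original message: a sketch of the algorithmic mapping that Samba's idmap_rid backend documents (ID = RID - BASE_RID + LOW_RANGE_ID). It shows why hosts sharing one range agree on file ownership without central storage, and where the scheme stops mapping. The domain SIDs, ranges and function names are constructed for illustration.

```python
# Illustration of RID-based ID mapping as documented for Samba's idmap_rid:
#   ID = RID - BASE_RID + LOW_RANGE_ID
# All SIDs and ranges below are constructed sample values, not from the post.

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
LOW_ID, HIGH_ID = 10000, 49999  # assumed idmap range, identical on every host
BASE_RID = 0                    # assumed base_rid


def split_sid(sid):
    """Split a textual account SID into (domain_sid, rid)."""
    parts = sid.strip().split("-")
    if len(parts) < 5 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("malformed SID: %r" % sid)
    return "-".join(parts[:-1]), int(parts[-1])


def sid_to_unix_id(sid, domain_sid=DOMAIN_SID, low=LOW_ID, high=HIGH_ID,
                   base_rid=BASE_RID):
    """Return the Unix ID for a SID, or None when this range cannot map it."""
    dom, rid = split_sid(sid)
    if dom != domain_sid:
        return None  # another domain (e.g. a trust) needs its own range
    unix_id = rid - base_rid + low
    if not low <= unix_id <= high:
        return None  # RID falls outside the range: the account gets no ID
    return unix_id


def unix_id_to_sid(unix_id, domain_sid=DOMAIN_SID, low=LOW_ID, high=HIGH_ID,
                   base_rid=BASE_RID):
    """Reverse mapping: RID = ID + BASE_RID - LOW_RANGE_ID."""
    if not low <= unix_id <= high:
        return None
    return "%s-%d" % (domain_sid, unix_id + base_rid - low)


if __name__ == "__main__":
    user = DOMAIN_SID + "-1105"  # constructed account SID
    # Two hosts with the same range derive the same owner independently.
    print("host A:", sid_to_unix_id(user))
    print("host B:", sid_to_unix_id(user))
    # A host configured with a different range disagrees about ownership.
    print("host C:", sid_to_unix_id(user, low=20000, high=59999))
    # A large RID or a foreign domain is simply not mapped.
    print("big RID:", sid_to_unix_id(DOMAIN_SID + "-50000"))
    print("other domain:", sid_to_unix_id("S-1-5-21-9-8-7-1105"))
```

A host whose range differs from the others (host C above) assigns the same account a different Unix ID, which is the cross-host inconsistency the quoted advice warns about for shared filesystems, backups and tar files.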