Date: Tue, 12 Nov 2002 22:22:52 -0600
From: Eric Anderson <anderson@centtech.com>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: freebsd-chat@freebsd.org
Subject: Re: LDAP Admin?
Message-ID: <3DD1D39C.A6E248A6@centtech.com>
References: <3DD13BE2.8000902@centtech.com> <3DD14FE5.7DAC9339@mindspring.com> <3DD15ADF.7070600@centtech.com> <3DD18044.A928D4AD@mindspring.com> <3DD18850.2050700@centtech.com> <3DD18E9D.4ACC4A13@mindspring.com>
Terry Lambert wrote:
> Eric Anderson wrote:
> > I'm using it to replace NIS, and pull my MS network in with my UNIX
> > network for authentication.
>
> If you are doing this, then you should know that you can not
> replace an "Active Directory" server with an OpenLDAP server,
> and successfully use it to authenticate MS clients. The only
> thing that works now is to deploy an MS Active Directory Server.
I don't have an Active Directory server. I have an old NT4 PDC, and I'd
like to get rid of that and have a samba PDC with LDAP ties.
> As far as integrating MS clients to UNIX servers, that's a
> different matter. Do a web search for "NIS GINA"; it's a
> client authentication package, which allows an NIS server to
> be used to authenticate MS clients.
>
It's more the other way around for me - I have several hundred Linux
machines, a hundred or so Solaris boxes, FreeBSD for all the good stuff,
etc. I'd like to make all the boxes use LDAP, and rid myself of NIS.
>
> > I just need some simple stuff like pw changing tools, user
> > adding/deleting tools, but was looking for what people use before I
> > start to get it deployed.
>
> Generally, you edit a template and import it via "ldapadd",
> or you use PHPLDAP to add a record, after filling out the fields.
>
> For passwords, they are generally stored as ciphertext, with
> the cipher type embedded at the front of the ciphertext, in
> braces, e.g. "{md5}xxyyzz", etc.. In other words, the data
> contents are as generally exposed as NIS data contents, so a
> dictionary attack is a possibility.
I know about this.. this is a pain I'll have to deal with going from
NIS to LDAP, but it's worth the effort I think.
> Probably your best bet is to query the Samba community, and
> potentially, the OpenLDAP community.
Hmm.. ok.. you're right.. I find the FreeBSD community to be much more
"up on the times" compared to some other groups.
Thanks Terry..
Eric
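
The `{scheme}` prefix format described in the quoted text above can be audited before an NIS-to-LDAP migration. The following is an added example, not part of the original message and not OpenLDAP code: it assumes the usual layouts (`{MD5}`/`{SHA}` as a base64 digest, `{SMD5}`/`{SSHA}` as digest followed by salt), and the function names and LDIF entries are constructed for illustration.

```python
import base64, hashlib, re
DIGEST_LEN = {"MD5": 16, "SHA": 20, "SMD5": 16, "SSHA": 20}  # bytes before any salt
PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def classify(value):  # -> (scheme, verdict) for one userPassword value
    m = PREFIX.match(value)
    if not m:
        return "CLEARTEXT", "weak: no {scheme} prefix"
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme not in DIGEST_LEN:
        return scheme, "not a plain digest scheme; review separately"
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:
        return scheme, "malformed: body is not base64"
    if scheme in ("SMD5", "SSHA"):  # digest followed by the salt
        return scheme, "salted" if len(raw) > DIGEST_LEN[scheme] else "malformed: no salt"
    return scheme, "weak: unsalted" if len(raw) == DIGEST_LEN[scheme] else "malformed: bad length"

def audit_ldif(text):  # -> [(dn, scheme, verdict, value)]; assumes unfolded LDIF lines
    out, dn = [], None
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        if key.lower() == "dn":
            dn = rest.strip()
        elif key.lower() == "userpassword":
            value = rest.strip()
            if rest.startswith(":"):  # "::" marks a base64-encoded LDIF value
                value = base64.b64decode(rest[1:]).decode("utf-8", "replace")
            out.append((dn, *classify(value), value))
    return out

def shared_unsalted(findings):  # identical unsalted values mean identical passwords
    groups = {}
    for dn, _scheme, verdict, value in findings:
        if verdict == "weak: unsalted":
            groups.setdefault(value, []).append(dn)
    return [dns for dns in groups.values() if len(dns) > 1]

def make(scheme, password, salt=b""):  # builds constructed sample values only
    h = hashlib.md5 if "MD5" in scheme else hashlib.sha1
    return "{%s}%s" % (scheme, base64.b64encode(h(password + salt).digest() + salt).decode())

SAMPLE_LDIF = "\n".join([  # constructed entries, not taken from the thread
    "dn: uid=alice,dc=example,dc=org\nuserPassword: " + make("MD5", b"constructed-pw"),
    "dn: uid=bob,dc=example,dc=org\nuserPassword: " + make("SSHA", b"constructed-pw", b"salt"),
    "dn: uid=carol,dc=example,dc=org\nuserPassword:: "
    + base64.b64encode(make("MD5", b"constructed-pw").encode()).decode(),
])
```

Running `shared_unsalted(audit_ldif(SAMPLE_LDIF))` groups alice and carol, whose unsalted values match byte for byte, while bob's salted value for the same password does not; entries flagged `weak: unsalted` are the ones to reset onto a salted scheme.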
