From: Tom McLaughlin
To: Chris Edwards
Cc: freebsd-questions@freebsd.org
Date: Tue, 01 Jul 2008 12:30:23 -0400
Subject: Re: FreeBSD and Active Directory

On Thu, 2008-06-26 at 15:20 -0400, Chris Edwards wrote:
> I have been put in charge of creating a single sign-on mechanism for our
> Windows 2003 and FreeBSD servers. We are wanting to use Active Directory as
> our LDAP server. I know of four different methods that could possibly work.
>
> 1. OpenLDAP
> 2. Radius
> 3. NIS
> 4. WinBind / Samba
>
> Which is the most accepted/supported way to do this? Several of the servers
> are very old, 4+ years old.
>
> Thanks for any help,
>
> ---
>
> Chris Edwards

You need to handle two things, user identification and user
authentication. OpenLDAP (actually nss_ldap) will do the id part and
Kerberos will do the authentication part. Unfortunately my AD related
links for this are at work and I'm at home today.

tom

--
| tmclaugh at sdf.lonestar.org                 tmclaugh at FreeBSD.org |
| FreeBSD                                       http://www.FreeBSD.org |
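
The split described in the reply above, as an added configuration sketch that is not part of the original message: nss_ldap answers identity lookups from Active Directory, while pam_krb5 checks passwords against the domain's KDC. The realm EXAMPLE.COM, the host dc1.example.com, the bind account and the CA path are placeholders, and the attribute mappings assume the AD schema carries the RFC 2307 Unix attributes.

```conf
# --- /etc/nsswitch.conf: identification (who is this user?) via nss_ldap ---
passwd: files ldap
group: files ldap

# --- /usr/local/etc/nss_ldap.conf (keep mode 0600, it holds bindpw) ---
# Placeholder domain controller and search base
uri ldap://dc1.example.com/
base dc=example,dc=com
ldap_version 3
# Upgrade to TLS and verify the server so the bind password is not sent in clear
ssl start_tls
tls_checkpeer yes
tls_cacertfile /usr/local/etc/ssl/ad-ca.pem
# Placeholder read-only lookup account; give it no other rights in the domain
binddn cn=nss-reader,cn=Users,dc=example,dc=com
bindpw CHANGE_ME
# Map RFC 2307 names onto their Active Directory equivalents
nss_map_objectclass posixAccount user
nss_map_objectclass posixGroup group
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member

# --- /etc/krb5.conf: authentication (is the password right?) via the AD KDC ---
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com
    }
[domain_realm]
    .example.com = EXAMPLE.COM

# --- /etc/pam.d/sshd: try Kerberos first, fall back to local accounts ---
auth     sufficient  pam_krb5.so  no_warn try_first_pass
auth     required    pam_unix.so  no_warn try_first_pass
account  required    pam_krb5.so
account  required    pam_unix.so
```

The two halves can be checked separately: `id <user>` exercises the nss_ldap lookup and `kinit <user>` the Kerberos exchange, which helps tell a directory mapping problem from a realm or clock-skew problem.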