LDAP - best option?
Results 1 to 7 of 7

Thread: LDAP - best option?

  1. #1
    Member
    Join Date
    Jun 2002
    Posts
    95

    LDAP - best option?

    Hey guys,

    I work at a high school, and i am in charge of building an intranet for them. We have a universal domain called domain1, with multiple servers for different things.

    I have created a server called intranet (who would of thought ) and i would like to authenticate the users of the intranet via a win2k server using active directory called winauth. how would i do this?

    i have found out i can do this using LDAP, however i have many docs etc, but i can't get this to work. in many senarios, there has been 2 DC's specified, however i think we only have one. I dont know what DC and other options to put in.

    Could somebody help with this, or have another solution to the problem?

    Thanks,

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Firstly, is the intranet available from the internet? That's kind of important.....

    Secondly, I don't think you can do cross domain authentication in the manner you are trying, but I could be wrong on that.

    I take it winauth is a DC in the domain1 domain......

    If this is a purely practical exercise then why don't you demote the server intranet and join it to domain 1. That is the most practical, however if the intranet is publicly available this would be inadvisable from a security perspective.

    If this is a learning exercise where you are not allowed to have the server intranet as part of domain1 then you could promote the server intranet to a DC in it's own domain and then create a one way domain trust between domain1 and the domain intranet where the intranet domain trusts domain1 but domain1 does not trust domain intranet. This would allow users logged into domain1 to access the resources in the domain intranet but not visca-versa.

    One word of warning... Domain trusts can be a pain to set up and have work correctly, especially one way trusts. If they fail it can be almost impossible to delete the trust and recreate it, (It gets all confused). This has been the same since NT4, in fact I'm pretty sure that they never really updated the domain trust function for Win2k. If you do make a trust relationship do not make anything "mission critical" rely upon it. If you do and the trust fails in such a way as to be irretreivable then you will be unable to carry out the mission critical function(s) until you have solved the trusts issue - which can take days of weeks.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Member
    Join Date
    Jun 2002
    Posts
    95
    tiger shark,

    no, the intranet is not availible on the internet, it is purly internal.

    the intranet server is on domain1, just like the other servers and workstations on the network. I hope that helps.

    also, how would i be able to authenticate users against the windows server? there just has to be a way.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I just looked at your name..... Unix Jim.....

    /lightbulb comes on..... He's using *nix to authenticate his users to a Win2k box.....

    You are right, there is a way..... I read about it somewhere a long time ago..... But I have no clue how it works.... I'm a Windows kinda guy.....

    Any of you *nix chaps wanna throw your hats into this ring?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Member
    Join Date
    Jun 2002
    Posts
    95
    lol, yeah

    intranet = mandrake v10.0 box

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Hi, did you try google?

    Google for "linux active directory integration"

    Here is a decent article..

    http://linux.boeldt.net/Linux_active_directory.asp

    Also, have you checked out MS Services for UNIX?
    Might be some tools there you may be interested in.

  7. #7
    Member
    Join Date
    Jun 2002
    Posts
    95
    thanks ss2chef,

    looks quite promising

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •