Single sign-on for a mixed-OS network

I am handling a mixed network of SCO Openserver, Slackware and Windows XP computers. Right now, the primary user accounts are kept on one SCO computer with usernames and passwords synchronized to the other ones daily via cron, while the Windows XP computers just use a generic 'Operator' account with per-user accounts (with their own separate passwords) added on a per-computer basis when necessary.

Right now, we only have up to a dozen regular operators so this 'solution' is workable, but it is awkward at best and ill-suited for any increase in our staff. I would like to be able to set up a single sign-on system, such that I only have to maintain one user database rather than eight.

Active Directory looks like it would do exactly what I need, but as far as I know this would require a Server release of Windows, which I currently lack. And Samba4 will probably still be a while in coming.

Until such time as I can convince the Powers That Be to budget for better network resources, are there any reasonable alternatives I can use?


Solution 1:

Not in regards to your specific question, but as SCO has gone into Chapter 7 bankruptcy (liquidation) you should be moving off it urgently.

Samba-TNG no longer exists, that got merged back in to become Samba 3, and is long obsolete.

Unless you need AD for group policy, the Samba implementation of NT4 domains should be enough (I know companies of >50 people running it). If you use the LDAP backend all the *nix systems can reference that directly.
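
The setup Solution 1 describes, Samba 3 acting as an NT4-style domain controller with an LDAP password backend, as an added smb.conf example that is not part of the original answer. The domain name, host name, DNs and paths are placeholder assumptions.

```ini
# smb.conf for a Samba 3 NT4-style domain controller (added example).
# EXAMPLEDOM, ldap.example.internal and the dc=example,dc=internal DNs
# are placeholders, not values from the original post.
[global]
   workgroup = EXAMPLEDOM
   netbios name = PDC1
   security = user
   encrypt passwords = yes

   # Act as the domain controller the XP clients join and log on to.
   domain logons = yes
   domain master = yes
   preferred master = yes
   os level = 65

   # Keep the single account database in LDAP so the Unix hosts can
   # read the same entries directly.
   passdb backend = ldapsam:ldap://ldap.example.internal
   ldap suffix = dc=example,dc=internal
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers

   # Bind DN Samba uses to manage accounts. Its password is not written
   # here; it is stored in secrets.tdb with: smbpasswd -w <password>
   ldap admin dn = cn=samba,dc=example,dc=internal

   # Require StartTLS so binds and password changes do not cross the
   # network in cleartext.
   ldap ssl = start tls

   # Update the Unix (userPassword) hash when the Windows password
   # changes, so both sides keep one password per user.
   ldap passwd sync = yes

[netlogon]
   path = /var/lib/samba/netlogon
   read only = yes
```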

Solution 2:

If you're just talking about authentication, OpenLDAP with Samba-TNG sounds like the direction you would want to go, instead of waiting for Samba 4.

Solution 3:

People have already mentioned using Samba. Another alternative would be a free directory server such as Apache Directory Server or simply OpenLDAP. SCO and Slackware would be able to authenticate against either of those just fine. On the Windows machines you could install pGina and use its LDAP plugin to do the same.