Can Windows integrate with LDAP?

windows authentication ldap kerberos

Solution 1:

I once tested this succesfully with pGina, but it's not very friendly to setup.

You can also use a SAMBA server acting as an Active Directory provider, with an LDAP backend, but I haven't tested this yet. Here are the two basic steps do:

SAMBA as a PDC

The basic configuration goes like this:

[global]
passdb backend = tdbsam
os level = 33
preferred master = auto
domain master = yes
local master = yes
security = user
domain logons = yes
logon path = \\%N\profiles\%U
logon drive = H:
logon home = \\homeserver\%U\winprofile
logon script = logon.cmd

[netlogon]
path = /var/lib/samba/netlogon
read only = yes

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

More info on the SAMBA docs.

LDAP

Properly configuring an LDAP server is not something trivial (neither the SAMBA server IMHO), but after you configure one (OpenLDAP, FDS, etc.), here's some good info on how to integrate it with SAMBA. And more specific for RedHat.

I also hear SAMBA 4 will be a complete replacement for Active Directory, but who knows when that will be released.

Anyway, I don't know if this has become easier than when I tried it (about 2 years ago), but I hope so, because I gave up after a few weeks of trial... Maybe it's time to give it another go.

Back then, my personal preference was for FDS because it has a great admin console, and it was easier to set up.

Edit: I just remembered eBox. I haven't tested it because I don't like all-in-one solutions, but take a look at the site if you do (it offers plenty more than a domain controller).

Solution 2:

Not without a custom logon provider (msgina replacement)...

Best bet is to either set up a Windows domain controller for Windows clients to log on to (will enable you to utilize group policies and other useful stuff) and have it sync with your existing LDAP service (check out Services for Unix). Or use samba and have it use your LDAP directory for authentication.

Solution 3:

Yes:

http://technet.microsoft.com/en-us/library/cc750824.aspx

Related

How do I copy an image in VMWare?
What is the $hf_mig$ directory for in Windows Server 2003?
OSX - Full Disk Encryption [closed]
How Do I Restrict Repository Access via WebSVN?
Resolving host names to their domain name in an internal BIND domain
SCGI or FastCGI - What do you prefer? [closed]
How secure are password-protected WinRAR archives?
How to add a new folder in Windows 2008 Server Registry
Best tool to migrate a PostgreSQL database to MS SQL 2005?
set mutt default Maildir folder
Can 32-bit print drivers work on 64-bit windows?
Side effects of an Apache2 Reload event