What is the best way to achive single sign on for win/mac/nix using linux?

[narzy]

Title pretty much says it all. I'd also like a master share that everyone can get to and basically build a big file server and if I can a IPsec VPN server...I am trying clarkconnect is that my best option?

post 6660 uht oh? are those not the numbers of evil? does that mean this project is doomed?

 

[skyking]

If you want a single place to change the passwords and add users, you are stuck with setting up a domain. Samba can act as a PDC.
If you don't mind setting users up on the server and workstations as needed, samba will do it fine without a domain. You can make a public folder and specify what users or groups have access to it. Individual users will have private folders as well. All folders can be mapped as network drives in windows. I have no personal experience with macs but the tools should be there as well.

 

[n0cmonkey]

Kerberos & LDAP.

I think redhat and sun have projects for this. As wel las Samba 4 (maybe 3.x has enough of this backported, I don't know).

Redhat:
http://www.redhat.com/directory_server/

Sun:
http://www.sun.com/software/pr..._ee/dir_srvr/index.xml

I haven't used any of these though.

 

[narzy]

Thanks N0cmonkey, I'll see if I can give it a go. My linux skillz are n00b.

 

[Fear No Evil]

You have passwords that expire on your home network? LOL.. My solution.. set them all the same, set them to never expire.. DONE..

 

[Nothinman]

Sadly AD is probably the simplest way to get LDAP and kerberos setup and all 3 should be able to authenticate to it fairly easily. You could setup Samba to do an NT4 domain, but I don't know if OS X will play nice with that.

 

[Crusty]

I've had success authenticating Linux boxes to a Windows Server 2008 AD environment.

 

[Nothinman]

It's dead simple to tell Samba to authenticate against a Windows server. If you want more integration like the actual Linux logins on the box via ssh, ftp, etc then that gets more complicated.

 

[Crusty]

Originally posted by: Nothinman
It's dead simple to tell Samba to authenticate against a Windows server. If you want more integration like the actual Linux logins on the box via ssh, ftp, etc then that gets more complicated.

For samba I'm not even sure you need to configure anything other then passing the user as an option to mount, at least that's been my experience.

In my post I was referring to local logins and ssh logins on the box. It worked just fine for months, but that box has been disabled so we're not using it anymore.

 

[Nothinman]

For samba I'm not even sure you need to configure anything other then passing the user as an option to mount, at least that's been my experience.

I was talking for shares exported by Samba. You can tell it 'security = server', give it a server list and it'll always authenticate against them instead of the local database.

 

[Crusty]

Originally posted by: Nothinman

For samba I'm not even sure you need to configure anything other then passing the user as an option to mount, at least that's been my experience.

I was talking for shares exported by Samba. You can tell it 'security = server', give it a server list and it'll always authenticate against them instead of the local database.

Ah gotcha, I haven't used Samba that way but that sounds like a nice and easy to get a file server up and running.

 

[n0cmonkey]

If you're a member of SAGE, there was an email discussion on choosing an LDAP server on the sage-members mailing list.