[KLUG Members] Re: OpenLDAP, user authentication from Windows based client

members@kalamazoolinux.org members@kalamazoolinux.org
Wed, 30 Oct 2002 14:08:13 -0500


Mmmm, I think someone is cross posting... tsck tsck tsck

> ...
>>My requirement is similar. I have OpenLDAP under SunOS and I wish to
>>authenticate the user from windows based client. I tried to download
>>mozilla. I couldn't do it. :(
>>Could you please tell me what method did you adopt? steps please. Thanks.
>It is still in the works I'm afraid. Previously I used a combination of 
>pGINA and instructions from an article on mandrake-secure:
>http://www.mandrakesecure.net/en/docs/ldap-auth.php
>Problem there was that the plugin for pGINA is designed for samba.schema 
>and the article describes setting up nis.schema.  The end result is that 
>the groups are not retrieved by the plugin which basically means that 
>only Guest access is possible.  Frankly I never understood why anyone 
>would want to use pGINA if they were just going to use samba anyway.  I 

Using pGINA, one doesn't have to blunder about trying to join the domain.  Not
much of an effort-saver but some people don't like joining roving laptop users
to domains.

>mean, wouldn't it be just as easy (or perhaps easier) to use the winbind 
>daemon that comes with Samba instead of pGINA?

Eh?  winbind is for a UN*X box to "join" a domain.  It has nothing to do with
Win32 clients.

>It might be OK to use samba.schema but there are no good/up-to-date 
>instructions that I know of for setting up the db and I still need to 

There is the LDAP-Samba-PDC Howto from IdealX.  There is
ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf.  There are migration scripts in the
Samba source code tar-ball.  What else do you want? 

>authenticate my Linux clients.  The idea of having a different db for 
>each type of client also seems wasteful and unnecessarily complex.

It's LDAP; it is all the same db, one just says posixAccount + sambaAccount.