Woah! It works?

A little history lesson:

  • My goal was single sign-on on our Linux, OS X and Windows boxes
  • It did not work very well
  • So I turned it off and forgot about it. Or better: I had it in its sort-of-working state until I had to upgrade SASL for Cyrus Imapd, which in turn brought the OpenLDAP replica server to a state where it would consume 100% of CPU time and not respond to any requests. This is where I gave up. Talk about DLL hell ;-)

Then came the time with our Exchange trial, which turned out to be working quite nicely.

And finally, yesterday, Jonas asked for a shell account on one of the Linux boxes – Samba access was already working (by using security = domain and password server = * in smb.conf). This is where I really wanted to rethink the whole single-sign-on thing – even more so because I really want to create users just once, so I don’t forget to remove them at different places should I have to remove (or disable) one once in a while.

LDAP was no alternative (as you can read here on gnegg.ch).

I hadn’t tried out winbind back then, which is what I set up this morning.

And it’s funny: it just worked. First I joined the Samba servers to the ADS domain following this guide. No problems (which I could not believe at first). Then I followed this guide and the manpage of smb.conf to get winbind to work, and as before: it runs flawlessly (after adding UsePAM yes to sshd.conf). Even more interesting: here on the Gentoo box, where I tried this out first, it worked even without any PAM configuration at all.
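As an added check (not code from the post), the script below verifies offline the three settings the setup above depends on: smb.conf in domain or ADS mode, UsePAM yes in sshd_config, and winbind listed as an NSS source for passwd and group. The file contents, workgroup and realm are constructed placeholders.

```python
import re

def smb_global(text):
    """Parse the [global] section of an smb.conf into {key: value}; keys are lowercased, spaces dropped."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # smb.conf comments start with # or ;
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            opts[key.strip().lower().replace(" ", "")] = val.strip()
    return opts

def sshd_option(text, name):
    """First effective value of an sshd_config keyword (keywords are case-insensitive, first match wins)."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == name.lower():
            return parts[1]
    return None

def nss_uses_winbind(text):
    """True when both the passwd and group databases in nsswitch.conf list winbind as a source."""
    sources = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        if ":" in line:
            db, srcs = line.split(":", 1)
            sources[db.strip()] = srcs.split()
    return all("winbind" in sources.get(db, []) for db in ("passwd", "group"))

def check_sso(smb_conf, sshd_config, nsswitch):
    """Return a list of problems; an empty list means the prerequisites for AD logins are present."""
    problems, g = [], smb_global(smb_conf)
    if g.get("security") not in ("domain", "ads"):
        problems.append("smb.conf: security must be 'domain' or 'ads' for domain logins")
    if (sshd_option(sshd_config, "UsePAM") or "no").lower() != "yes":   # OpenSSH defaults UsePAM to no
        problems.append("sshd_config: UsePAM yes is required for winbind logins over ssh")
    if not nss_uses_winbind(nsswitch):
        problems.append("nsswitch.conf: passwd and group must include winbind")
    return problems

# Constructed sample files (workgroup and realm are placeholders, not values from the post).
SMB_CONF = "[global]\n  workgroup = EXAMPLE\n  realm = EXAMPLE.LOCAL\n  security = ads\n  password server = *\n"
SSHD_OK = "# sshd_config\nUsePAM yes\n"
SSHD_MISSING = "# sshd_config without the UsePAM line\nPasswordAuthentication yes\n"
NSSWITCH = "passwd: files winbind\ngroup:  files winbind\nshadow: files\n"
```

Run it against the real /etc/samba/smb.conf, /etc/ssh/sshd_config and /etc/nsswitch.conf before testing a login; the strings it returns name the file that still needs attention.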

Nice.

What do I have?

I can manage my users at a central place – this time on the Windows server, with quite good-looking GUI tools. This is what I’ve always wanted to do. Nothing more, nothing less.

I’m a bit afraid of trying to configure our Mac OS X computer, but we’ll see.

Very nice and satisfying.
