Single sign-on suggestions?

[Al Gordon]

On 7/26/06, Eamonn Sullivan <eamonn.sullivan at gmail.com> wrote:
> On 7/26/06, Alf-Ivar Holm <alfh at student.matnat.uio.no> wrote:
> > I haven't tested this approach, but someone seems to have succeeded by
> > using Active Directory, and it appeared that you hadn't tried that:
> >
> >         http://weblog.bignerdranch.com/?p=6
> >
> > Too bad the slapd approach didn't work out (yet).  I have been
> > thinking about trying that one, but haven't had the time.
> >
> >         Affi
>
> thanks, will look into that. Slapd *is* working for me, just fine,
> with unix accounts. It's been working a couple of weeks now with no
> problems -- I can even change my password on either of the PCs and
> have it immediately reflected in the other.
>
> But I wasn't able to get LDAP integrated with Samba. I suspect it's
> possible, after I create a domain controller, get winbind working and
> add a bunch of groups and users that Windows expects. But, really, it
> just isn't worth that level of complexity for two Ubuntu PCs and a
> Mac. I don't have any Windows PCs left in the house.
>
> What I probably should do is abandon Samba entirely and just go with
> NFS, but that has its own level of (arguably unnecessary) complexity.
>
> -Eamonn

I have found the guide at
http://www.nomis52.net/?section=docs&page=samldap to be useful in
integrating OpenLDAP and Samba.  I roll out this configuration for
customers regularly.  The guide is for Debian Sarge, but I'm assuming
it should work fine for later versions of Ubuntu.

I like this solution since it uses a web-based management interface
(phpldapadmin) that I can train the customer to use for limited
self-administration.  They like being able to lock an account on their
own, should they have to do so immediately, for example.

I also end up supporting NFS from time to time, which, as you seem to
already know, has its own issues.  One of which that I'm dealing with
is the 16 group limitation (google nfs 16 groups for details).

-- 

  -- AL --