MIT KDC/Unix Openldap integration to provide Mac & WINDOWS authentication

[Mark]

Hello,

I have been working for a while to integrate Mac OS X servers and their clients, both Windows and Mac, with a central MIT KDC and Linux Openldap server. The Open directory manual talks a lot about how easy it is but it seemed short on specifics.

I can authenticate Mac clients directly off of my MIT KDC, They then use LDAP for authorization information off of my Linux Openldap server.

Windows clients are trickier. I’m not allowed to use Windows NT or AD (although I can populate an AD with LDAP accounts and authenticate against MIT KDC).

The problem seems to be the apple “Password Server”.

So I assume that I need to make my OS X server continue to work as a PDC. I don’t want to use samba passwords, but instead I want to use Kerberos (and probably PAM).

My question is, does anyone have a procedure to connect a OSX open directory server to a Unix MIT KDC and openldap server for Mac and Windows Authentication.

Thanks for the help

[Mark]

Well, I have used pgina but it seemed like I would be missing out on some functionality. I was under the impression that pam-keberos modules were available for samba 3.

Thanks for the reply

Mark

[Author]

Posts