14

How can we set Windows clients to authenticate against an LDAP Server running on Ubuntu?

belacqua
aneeshep
  • If we are looking for a **replacement of Active Directory/Windows domain controller**, is it possible and fully successful after being replaced? And if it is possible, and someone has observed it working in a real environment, will you please post the step-by-step procedure? It would be greatly appreciated by us. ;) :) Md.Imran | MCSA (Cloud), MCITP (Enterprise Admin), MCTS, MCT, MCSE, MCSA, MCP – May 19 '13 at 18:58

3 Answers

7

pGina

pGina is an open source authentication system that replaces the built-in authentication of the Microsoft Windows operating system. pGina uses easy-to-write plugins that allow a system to authenticate against virtually any source. Some examples are LDAP, RADIUS, SSH, FTP, SMTP, POP3, and many more.

Getting Started

In order to get up and running, simply follow the steps below.

  • Determine what line of pGina to use
  • Decide what method of authentication you are going to be using (e.g. LDAP, RADIUS, FTP, SSH, etc.) and download the corresponding plugin.
  • Download pGina
  • Install pGina and the plugin
  • Configure pGina and the plugin

Main Page : http://www.pgina.org/

miken32
hhlp
  • Thank you for the help. I am already using pGina for this purpose. Please see my last comment on Oli's answer. – aneeshep Dec 19 '10 at 01:53
5

If pGina isn't suitable you can join the machines to a Samba 4 AD domain. The idea is to install Samba 4 and set it up as a domain controller, then have Samba authenticate against your LDAP server. I've never done this and it's a pretty nontrivial exercise, but in theory it's possible.

The SAMBA 4 AD DC HOWTO shows how to get Samba 4 going as a domain controller and join your Windows clients to your domain. You wouldn't necessarily need everything but it gives an idea how integrated you can get things.

Then, to authenticate Samba connections against your LDAP server, look at The SAMBA & LDAP guide.

Keep in mind Samba 4 is only a recent release. I'd avoid this for any large or commercial installation until Samba 4 is more widely used.

Chris Adams
2

Have you gone through the Active Directory HowTo?

Oli
  • That's the opposite of what he's asking (Ubuntu clients authenticating against an LDAP server on Windows). – JanC Nov 11 '10 at 05:17
  • @JanC The opposite would be setting up Ubuntu clients to register on a Windows AD server. This is merely the background for getting an AD server set up on Ubuntu. – Oli Nov 11 '10 at 09:32
  • Well, the How-To you link to is about Ubuntu using AD (which is the Windows LDAP server) for authentication? – JanC Nov 11 '10 at 10:17
  • @JanC Sorry, I see what you mean now. I was interchanging LDAP and AD as if they were the same thing. I'll freely admit my only AD experience is with Windows Server but I rather thought that for full authentication, you needed the whole AD stack (which includes OpenLDAP). But from [what I read](http://erikberg.com/notes/auth.html) (warning: *very* old) that might not be the case. – Oli Nov 11 '10 at 11:46
  • Seems like [pGina](http://www.pgina.org/) is still maintained. Good to know... – JanC Nov 11 '10 at 11:57
  • @JanC: Yes. Currently I am using pGina. It is a little difficult to set up. Now I am looking for a better alternative with a simple setup process, like we have 'Centrify Express' and other tools in Ubuntu. – aneeshep Nov 18 '10 at 10:03
  • Keep in mind that this breaks Network Level Authentication (NLA, primarily used with Remote Desktop) and possibly other protocols that seem to talk directly to `lsass.exe`. See https://groups.google.com/forum/?fromgroups=#!msg/pgina-general/xPm7mjAr7IU/tE31yC14pQYJ – fuero Jan 20 '13 at 23:58