On Tue, Jan 28, 2003 at 09:55:02AM -0500, Whitmore Matthew E NPRI wrote:
> I'd like to authenticate/authorize against Win2000 Server PDC so
> there is one login/password instead of the users currently having
> separate login/passwords: one for Windows, and one for Linux. I
> assume the users use the same password for both the Windows and
> Linux, but I'd like to have accounts for Windows and Linux centrally
> managed, using the PDC.

We do that (PDC serving Windows, Solaris, and Linux clients) with
pam_smb. Winbind isn't particularly required, and has several
disadvantages in our situation:

* We don't want *everyone* on the domain to be able to log into the
  Unix machines. We could use pam_listfile to fix that, however.
* Winbind has no means of synchronizing UIDs across systems. So if you
  have a central NFS server like we do, ownership gets completely
  screwy. This killed winbind for us.

Disadvantages of pam_smb:

* Have to create dummy accounts for authorized users on each system. I
  think there's a way around that, too, but like I said before, we
  don't want every domain user to have Unix access.
* Tied into the previous disadvantage, dual-boot systems are
  difficult. If we add a user onto each system to use pam_smb, that
  system has to be in Unix 100% of the time. Winbind avoids this
  problem.

Personally, I've got some sort of Active Directory/LDAP idea on the
horizon, since our central IT bunch is rolling out their first AD
tree. Hopefully it's close enough to regular LDAP to make the Unix
boxes happy.

--
Mike Renfro / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu

_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
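An added example, not part of the original message: a check for the UID mismatch problem the reply describes, comparing passwd-format output (such as `getent passwd`) collected from each host that mounts the shared NFS export. The host names, accounts and UIDs are constructed sample data, and the sample assumes each host hands out UIDs independently in order of first login.

```python
from collections import defaultdict

# Constructed sample: passwd-format lines as collected from each host.
# Assumption: every host allocated UIDs on its own, in order of first login.
SAMPLE = {
    "linux1": "alice:x:10000:10000::/home/alice:/bin/bash\n"
              "bob:x:10001:10000::/home/bob:/bin/bash\n",
    "linux2": "bob:x:10000:10000::/home/bob:/bin/bash\n"
              "alice:x:10001:10000::/home/alice:/bin/bash\n",
    "solaris1": "alice:x:10000:10000::/home/alice:/bin/sh\n"
                "broken line without fields\n",
}

def parse_passwd(text):
    """Return {login: uid}; malformed lines are skipped, first entry wins."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[0] or not fields[2].isdecimal():
            continue
        users.setdefault(fields[0], int(fields[2]))
    return users

def _index(per_host, by_uid):
    """Group hosts as login -> uid (or uid -> login); keep only ambiguous keys."""
    seen = defaultdict(lambda: defaultdict(list))
    for host in sorted(per_host):
        for login, uid in parse_passwd(per_host[host]).items():
            outer, inner = (uid, login) if by_uid else (login, uid)
            seen[outer][inner].append(host)
    return {k: dict(v) for k, v in seen.items() if len(v) > 1}

def uid_conflicts(per_host):
    """Logins that map to different UIDs on different hosts."""
    return _index(per_host, by_uid=False)

def uid_collisions(per_host):
    """UIDs owned by different logins on different hosts (wrong owner over NFS)."""
    return _index(per_host, by_uid=True)

if __name__ == "__main__":
    for login, uids in sorted(uid_conflicts(SAMPLE).items()):
        print(login, {uid: hosts for uid, hosts in sorted(uids.items())})
    for uid, logins in sorted(uid_collisions(SAMPLE).items()):
        print(uid, {name: hosts for name, hosts in sorted(logins.items())})
```

The collision report is the one that matters for access control: NFS stores only the numeric owner, so a file written by one user on one host is owned by whoever holds that UID on the next.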