Thanks Mike, I'll try it. Geoff, could you give instructions similiar to what Mike did, and where I could find documentation about the advantages you mentioned - particularly IAS Policies (not even sure what they are). Thanks to everyone. -----Original Message----- From: Geoff Roberts [mailto:groberts@itc.com.au] Sent: Tuesday, January 28, 2003 11:36 PM To: pam-list@redhat.com Subject: RE: Win2000 PDC Authentication and Authorization Hi, We've implemented this using RADIUS (pam module from GNU radius from memory). A few advantages, you can manage authentication separately with IAS policies (IAS comes with RADIUS on 2000), you do not have to worry about 2000 domain only mode if you are using it (we are), you only need to open the RADIUS port in one direction using state based firewalls (from memory for windows authentication to work you needed a couple UDP and a couple of TCP ports in both directions), we've found it simply to administer and depending on settings can get good logging information on the 2000 box. May be worth looking at as an option. Regards, Geoff > -----Original Message----- > From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On > Behalf Of Tony den Haan > Sent: Wednesday, 29 January 2003 1:36 AM > To: 'pam-list@redhat.com' > Subject: Re: Win2000 PDC Authentication and Authorization > > > > On Tue, 28 Jan 2003, Whitmore Matthew E NPRI wrote: > > > New to using PAM. Read and understand using openLDAP for > authentication and authorization. Win2000/XP's Active Directory > is Microsoft's implementation of LDAP. Is there a way to use a > Win2000 Server PDC to authenticate and authorize on RH Linux > (planning upgrade to RH 8.0). Would appreciate any help. > > > i think you'd better look at pam_smb instead, even though pam_ldap might > work. > either way: yes, RH supports PAM, so the question is: "is there a PAM > module that can authenticat against winXX" > > tony > > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list > _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
