The "U" Word

Making Windows safe for Unix people since 1995


Integrating Unix and Windows systems - authentication and authorization via Kerberos and LDAP


While cruising the blogosphere to see who was saying what about the newly-released Services For Unix 3.5, I tripped across this post by Joseph Scott. It looks like one of his primary interests is setting up his FreeBSD system to pull Unix directory information out of AD.

This is good news to me, since my team has been really hard at work building a “patterns & practices” guide that tells you, step by step, exactly how to configure a Unix or Linux system to:

  • authenticate via Windows Kerberos (single sign-on for real!) using MIT 1.3.1 or Heimdal Kerberos and a PAM module
  • use nss_ldap and pam_ldap to get authorization data (uid/gid and other user and group information) from AD whose schema has been extended either with the SFU 3.0/3.5 schema or with RFC 2307

It also shows you exactly what you have to do on your DCs to make all this work right.

We burned a lot of midnight oil over the last two weeks to get the guide whipped into shape. We're gonna ship it by the end of the month, and it should be available for free download from TechNet before Feb 1.

It's not perfect, but we don't want to make people wait for it now that SFU 3.5 is out. This may be another case of “Microsoft gets it right after release”, but I'd rather folks see it sooner. If we made the wrong call, I hope people tell me. Heck, if we made the right call, I hope they tell me.