Authentication in a Mixed Debian/Samba/Win2K Environment
I have been asked to convert the engineers at a company from Win2K desktops
The Front Office staff will stay on Win2K.
They currently do simple peer-to-peer networking, with all the attendant
ID and password hassles that implies. They have a "server" which is currently
just a peer workstation with a share on it that gets backed up. This they want converted to
Debian as well (rather than purchase Win2K server and CALs).
What do people recommend for a directory service in this environment? Everyone
should be able to log onto every system, Debian or Win2K - there is no need to restrict that.
IIRC, two years ago, PAM and radius was the way to go. You'd setup a radius
server with your userIDs, passwords, etc. and configure the Unix boxes to
use PAMradius for login authentication. You'd setup Samba on your Unix server,
make it the PDC for the NT Domain, and have Samba use PAM to authenticate
the Windows Networking authentication requests.
Is this still the way to go? Are people using LDAP instead of Radius for
the authentication database and PAMldap?
Also, there is some PAM-related caveat that's part of the Debian install
that I don't remember . . .
Looking for guidance from a trusted community.