Wednesday, January 21, 2009

Single Sign On - Project

Objective
This office project started in March 2008 and took about 3 months of engineering. It is fun and challenging, but frustrating from time to time. It is difficult to figure out what is happening when things go wrong because there are so many components involved. Can you imagine dealing with three different OSes?

I hope this project gives you some ideas on how to set up SSO.

The goals for this project are:

  • Users are able to log in to a Unix server using an AD account
  • Allow users to change their password from a Unix server
  • Centralized home directories provided by an NFS server
  • Support fail-over when one of the DCs is off-line
  • Minimum costs

A domain called allure.local is created as follows:

The above infrastructure is very simple; all Unix servers use local authentication, and both DCs run the DNS service.


Although there is not much description of the whole SSO setup here, I would recommend referring to the following materials for a legitimate explanation:

Book

Sybex Windows and Linux Integration: Hands-on Solutions for a Mixed Environment


Free PDF

Windows Security and Directory Services for UNIX Guide

Using Kerberos to Authenticate a Solaris 10 OS LDAP Client With Microsoft Active Directory


Website

Solaris 10-AD Integration, Version 3

nss_ldap's undocumented nss_reconnect_tries


Manpage

...




