Authenticating to Active Directory
Wil Cooley
wcooley at nakedape.cc
Wed Feb 23 16:57:14 EST 2005
On 2005-02-23, Vernon A. Fort <vfort at provident-solutions.com> wrote:
> Anyone
> I currently have samba3 joined to Active Directory and squid working
> as well, transparent authentication. I would like to find a simple way
> to get my cyrus accounts to authentcate to the Active Directory as
> well. Is there a way to get cyrus-imap + cyrus-sasl to auth to the AD
> server or even via the functioning samba setup?
There are actually at least three ways:
1. Setup Kerberos on the Cyrus server to authenticate against the
domain controller(s)
2. Use LDAP authentication, which can take one of several forms
(pam_ldap, LDAP directly w/saslauthd, auxprop I guess?)
3. Use Samba w/pam_smb.
Here's a MS doc on doing #1:
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
Although, with the right incantation of the 'net' command from Samba, you
can manipulate your keytab much more easily than this method.
Wil
--
Wil Cooley wcooley at nakedape.cc
Naked Ape Consulting http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list