ldap_integration

Differences

This shows you the differences between two versions of the page.

ldap_integration [2009/08/21 06:39] 172.26.0.166ldap_integration [2009/11/13 07:03] 172.26.0.166
Line 2: Line 2:
  
 ILRI uses an Active Directory server for user authentication, which is primarily used for Exchange e-mail services.  Active Directory is Microsoft's proprietary version of LDAP with a little extra special sauce.  Currently users have an Active Directory username and password for their Windows-centric single sign on and e-mail, and then they have a separate account for use with the HPC.  There exists functionality in Linux to look at Active Directory for user authentication. ILRI uses an Active Directory server for user authentication, which is primarily used for Exchange e-mail services.  Active Directory is Microsoft's proprietary version of LDAP with a little extra special sauce.  Currently users have an Active Directory username and password for their Windows-centric single sign on and e-mail, and then they have a separate account for use with the HPC.  There exists functionality in Linux to look at Active Directory for user authentication.
 +
 +===== Implementation =====
 +
 +Active Directory integration will work if we use Likewise-Open.  It has been tested in a virtual server environment, but requires a few network changes to work on the HPC:
 +  * HPC must have the correct time (AD authenticates via Kerberos, which is heavily sensitive to time)
 +  * HPC must be able to access AD on several TCP ports (kerberos, LDAP, etc)
  
 ===== Notes ===== ===== Notes =====
 +
 +==== Likewise-Open ====
 +Open source standalone implementation of Samba, OpenLDAP, Kerberos, etc for Active Directory integration: http://www.likewise.com/
 +
 +  * open ports in Firewall (Active Directory, NTP, Kerberos)
 +  * make sure time is in sync with the server!  NTP must be configured correctly before installing AD integration
 +  * Likewise-Open has their own CIFS server but can also work with existing Samba installs I think
  
 ==== Using ldapsearch on Linux ==== ==== Using ldapsearch on Linux ====
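Review bot: The network requirements in the new Implementation list are too vague to act on and disagree with the Likewise-Open notes. The second Implementation bullet says "several TCP ports (kerberos, LDAP, etc)", while the first Likewise-Open bullet says "open ports in Firewall (Active Directory, NTP, Kerberos)". NTP runs over UDP, so a TCP-only rule set would not cover the time sync that both lists treat as mandatory. Suggest replacing the two bullets with one explicit list of port, protocol and direction (HPC outbound to the domain controllers only), and stating the time requirement once, including the clock skew Kerberos will tolerate. The last Likewise-Open bullet ends in "I think"; confirm how Likewise-Open behaves alongside an existing Samba install before anyone relies on it, or mark the line as untested.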
ldap_integration.txt · Last modified: 2012/02/06 08:43 by aorth