Programm Wien: Linux Clients in Microsoft Windows ADS Environments
aus Linuxwochen, der österreichischen OSS-Roadshow
The presentation demonstrates how Linux workstations can be seemlessly integrated into Microsoft environments using todays standard graphical user interfaces as shipped by the Linux vendors.
Integrating into the Windows world nowadays means integrating into Microsoft’s Active Directory Service (ADS) and addressing it’s security requirements. To implement the holy grail of Single Sign On Authentication on Linux, the authors – both members of the Samba Team – worked on expanding the existing Samba winbind infrastructure, researched various aspects of the Windows Client-Server interaction and also coordinated the required changes to involved Open Source Projects such as GNOME and KDE.
During the talk, the authors will focus on the Samba winbind daemon which provides the interface to all relevant core technologies like the Directory, Kerberos, PAM, and NSS. Key features as the Kerberos based single sign on and the offline authentication – which is important for mobile or home office usage – will be demonstrated using typical corporate domain infrastructures. In addition, the talk will point out how winbind enforces ADS wide security policies by applying login restrictions, communicating password policy requirements and lockout restrictions.
The presentation will point out the motivation, the mandatory and supplementary requirements, the architectural overview, the open issues, and the currently available resources of that Single sign On integration. The authors will also describe the obstacles of implementing a modern, directory based security model on top of a Unix based operating system and discuss how the core authenticating layers such as PAM and NSS are suited to fulfill todays logon tasks.
During the talk, a live demonstration will be given to give a brief overview on the typical use cases, this will include the mandatory domain join process, domain logons, Kerberos ticket handling, seamless authentication, access to domain wide services (web, file) and a password change process with various security policies in effect.
Vortragender: Lars Müller
1994 First Linux (Softlanding Linux System) 1996 First S.u.S.E. Linux 1999 – 2000 SuSE Linux Beta tester 1997 – 2000 Diskless Linux systems for students 1997 – 2000 Student Dormitory network administration 2000 – 2002 SuSE Linux AG Senior Support Engineer 2002 – 2003 SuSE Linux AG Product Manager eMail Server 2003 SUSE Linux Products GmbH Senior Software Engineer 2005 Samba Team member
Lars Müller started to work with Linux in the mid nineties at the University of Göttingen. There he was involved in the dormitory and general student network. This in particular required the operation of a distributed diskless Linux client pool. He joined the SUSE Linux business support department in 2000 while being a volunteering SUSE Linux beta tester for several years. As the maintainer of the Samba package he was involved in the development of SUSE Linux based business products and switched to the development department in 2002. There he’s still working as a Senior Software Engineer in the SUSE Labs. He became a member of the Samba Team in 2005.
* Vortrag: de
* Unterlagen: en
* Findet in Raum 1 am Tag 3 von 1400 bis 1445 statt.
* LEVEL 2: Der Vortrag setzt Grundkenntnisse voraus.
* Author: http://samba.org/~lmuelle/
* Organisation: http://samba.org
Radio Netwatcher – Redaktionsteam (Verfasser/in oder Urheber/in)