Windows client SSO
Olivier BILHAUT
o.bilhaut at fondation-misericorde.fr
Mon May 21 10:41:51 EDT 2012
Hello,
Sorry if I don't post in the good mailing list or at the wrong place.
I'm not really familiar with mailing list because I usally find my
answer without having to post a message.
Sorry for my approximate english.
We set up a Kerberos server, with a ldap backend, and a samba server
with the same openldap backend. Many things works as expected :
* The windows clients can join samba domain (auth/share)
* The linux hosts can use kerberos and samba (auth/share)
* The user database is unique
Now we wonder about SSO. It works fine with kerberos clients on linux
(tried with an apache server).
But we'd like to manage it on windows client without using Microsoft AD.
We tried the MIT kerberos client for windows which works fine. But we
don't figure out the way to use it for SSO. We still need to
authenticate one time at windows login, and one time on the KRB client
(at least once). Which could be confusing for the final users.
We tried with the microsoft ksetup tool ("Windows support tool" in XP,
and out of the box in windows 7), but we didn't find the way to
successfully login, we have no error on kerberos server. But even if it
worked, it's even not an option to use account mapping and to have local
users on each client.
So we worked hard to try to replace our AD with a
samba/kerberos/openldap solution but our last step in to manage SSO on
windows clients.
Do you have a solution to use MIT kerberos as authentication server with
SSO with microsoft windows clients ?
Thanks in advance,
cheers.
--
-----------------------
*** Olivier BILHAUT
*** Service Informatique
*** Fondation de la Miséricorde
*** Email : o.bilhaut at fondation-misericorde.fr
*** Tel : 02.31.38.50.50
*** Fax : 02.31.38.50.00
More information about the Kerberos
mailing list