Authenticating Windows 2003 users to a central LDAP

Ahmad Arshad ahmad.arshad at nyu.edu
Fri Mar 23 07:31:38 EDT 2007


Hi Preetam,

Then let me rephrase the question a little...

We have two KDC servers with realm nyu.edu. Let's call them kerb1.nyu.edu 
and kerb2.nyu.edu.

My Active Directory is systems.private.

I want this Active Directory authentication to authenticate off of these 
Kerberos servers... It's easy to do in Unix and Linux, but it's killing me 
to set it up so this Windows 2003 R2 AD can authenticate its users off 
of those Kerberos servers.

Thanks

preetam R wrote:
> Hi Ahmad,
>
>     FYI: The Domain Controller itself contains an LDAP
> server.
>
> Thanks,
> Preetam
>
> --- Ahmad Arshad <ahmad.arshad at nyu.edu> wrote:
>
>
>> Hi,
>>
>> I am not sure if this is the proper list for this... but any help would
>> be appreciated...
>>
>> We are running a Windows 2003 R2 server whose domain is used for user
>> and workstation authentication for a portion of the university
>> population. We wanted to tie this domain, let's call it systems.private,
>> into the university-wide LDAP server, let's call it ldap.nyu.edu, which
>> stores university-wide usernames/passwords etc.
>>
>> This way users who are part of the domain (remember we only want users
>> who are part of the domain to have access) would be able to log in to the
>> domain using their IDs and passwords provided by the university.
>>
>> I am not sure if this makes any sense...
>>
>> So to recap:
>>
>> a) User tries to log into the domain with his ID and password.
>> b) The domain controller checks to see if the user ID is in its database.
>> c) If it is, it forwards the credential to the LDAP server for
>> authentication.
>> d) If the LDAP authenticates, the user is allowed to log in...
>>
>> Any help would be greatly appreciated..
>>
>> Sincerely,
>>
>> Ahmad S Arshad
>>
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>

-- 
Sincerely,

Ahmad Arshad

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Systems Administrator
Library Information Technology Systems
New York University, Division of Libraries
70 Washington Square South, Mezzanine
New York, NY 10012-1091
O: (212) 995-3513
F: (212) 995-3548
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 



