For a long time now I have been contemplating how to validate users on a Linux box against a Windows 2000 Active Directory domain. What I mean is, how to use the user names and passwords from the Windows server, without having to set up a duplicate password database on the Linux box? I had been under the impression that this meant setting up a Linux LDAP server and migrating everything to that (as the Windows 2000 version of LDAP is deliberately non-interoperable).
Been into it again today and discovered that from Python it is actually very easy to validate via Python Samba support:
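    import samba.winbind

    # strUser and strPassword hold the credentials entered by the user
    try:
        # a non-zero result is treated as a failed login
        if samba.winbind.auth_plaintext('Domain\\%s' % strUser, strPassword) != 0:
            raise Exception('login failed')
    except samba.winbind.error:
        # winbind errors are reported as a failed login as well
        raise Exception('login failed')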
Samba finds the domain controller and validates the user name and password. What could be easier?
This is fine for intranet activities, but if you want users logging into your Linux box you have to go the LDAP route to give them Unix groups, login shells etc. Good luck with that.
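
The winbind check from the post, wrapped so that it fails closed and so that the login name cannot change the `Domain\user` principal. This is an added example, not code from the original post. `check_login` and `fake_backend` are hypothetical names, the account-name allow-list is an assumption, and the backend is passed in as a callable assumed to behave like `samba.winbind.auth_plaintext` as used above (0 on success), so the block runs without Samba installed.

```python
import re

# Assumption: a conservative allow-list for account names. It excludes
# '\', '/', '@' and control characters, so a login name such as
# 'OTHER\\alice' cannot redirect the check to a different domain.
_ACCOUNT_RE = re.compile(r"[A-Za-z0-9._$-]{1,20}")


def check_login(domain, user, password, auth_plaintext):
    """Return True only if the backend accepts user/password in `domain`.

    auth_plaintext is assumed to mirror the call in the post: it returns 0
    on success and returns non-zero or raises on failure.
    """
    if not isinstance(user, str) or not _ACCOUNT_RE.fullmatch(user):
        return False
    if not isinstance(password, str) or password == "":
        # Defensive choice: empty passwords are rejected locally.
        return False
    try:
        return auth_plaintext("%s\\%s" % (domain, user), password) == 0
    except Exception:
        # Fail closed: a backend error is a failed login, never a pass.
        return False


def fake_backend(calls):
    """Constructed stand-in for samba.winbind.auth_plaintext (sample data)."""
    accounts = {"EXAMPLE\\alice": "correct horse"}

    def auth(principal, password):
        calls.append(principal)  # record what reached the backend
        if principal == "EXAMPLE\\down":
            raise RuntimeError("winbindd not reachable")
        return 0 if accounts.get(principal) == password else 1

    return auth


if __name__ == "__main__":
    seen = []
    backend = fake_backend(seen)
    for name, pw in [("alice", "correct horse"), ("alice", "wrong"),
                     ("OTHER\\alice", "correct horse"), ("down", "x")]:
        print(repr(name), check_login("EXAMPLE", name, pw, backend))
    print("principals sent to backend:", seen)
```

With the real bindings, pass `samba.winbind.auth_plaintext` as the last argument.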


Or, instead of LDAP you could just use PAM and winbind: http://quark.humbug.org.au/publications/notes/winbind.txt
Since using LDAP requires use of PAM anyway.