Winbind as Identity Management Connector

Post on 30-Jun-2015

Fabrizio Manfred Furuholmen

11/05/09

Agenda

Overview

Introduction

Solution

Case study

Results

Winbind

Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of a Windows domain.

Authenticate user credentials by using PAM (SSO).

Resolve user identities and group identities by using NSS.

Store mappings between Unix UIDs and GIDs and Active Directory security identifiers (SIDs).

Winbind vs pam_krb/ldap

Goal

Solution guideline

Solution Components

Case study

Architecture HQ

Architecture Branch

Winbind connectors

Winbind configuration 1/5

Winbind configuration 2/5

Winbind configuration 3/5

Winbind configuration 4/5

Winbind configuration 5/5

Write your connector

Performance

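| Application | Cold cache | Warm cache | Remote cold cache | Remote warm cache |
|-------------|------------|------------|-------------------|-------------------|
| Ldap        | 2X         | -          | 2.5X              | -                 |
| Ldap+nscd   | 2X         | 1X         | 2.5X              | 1X                |
| winbind     | -          | -          | 4X                | 1.2X              |
| ptserver    | -          | -          | 2X                | 1X                |

Value for execution time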

Administration Tasks - Users

unixUserPassword: ABCD!efgh12345$67890
uid: test
msSFU30Name: test
msSFU30NisDomain: beolink
uidNumber: 10000
gidNumber: 10000
unixHomeDirectory: /home/test
loginShell: /bin/sh

Administration Tasks - Groups

msSFU30Name: Domain Users
msSFU30NisDomain: beolink
gidNumber: 10000

Administration Tasks - Processes

Migration

Achievements

Don’t forget..

Results

Results

Advertisement

openAFS Conference Rome September 28-30

http://www.dia.uniroma3.it/~afscon09/

Website: www.beolink.org

Email: manfred@freemails.ch

Thank you!