Winbind as Identity Management ConnectorFabrizio Manfred Furuholmen

11/05/09

2

Agenda

Overview

Introduction

Solution

Case study

Results

11/05/09

3

Winbind

Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of an Windows domain.

Authenticate user credentials by using PAM (SSO)

Resolve user identities and group identities by using the NSS.

Store mappings between Unix UIDs and GIDs and Active Directory security identifiers, or SIDs

11/05/09

4

Windbind vs pam_krb/ldap

11/05/09

5

Goal

11/05/09

6

Solution guide line

11/05/09

7

Solution Components

11/05/09

8

Case study

11/05/09

9

Architecture HQ

11/05/09

10

Architecture Branch

11/05/09

11

Winbind connectors

11/05/09

12

Winbind configuration 1/5

11/05/09

13

Winbind configuration 2/5

11/05/09

14

Winbind configuration 3/5

11/05/09

15

Winbind configuration 4/5

11/05/09

16

Winbind configuration 5/5

11/05/09

17

Write your connector

11/05/09

18

Performance

Application Cold cache Warm cache Remote cold cache

Remote warm cache

Ldap 2X - 2.5X -

Ldap+nscd

2X 1X 2.5X 1X

winbind - - 4X 1.2X

ptserver - - 2X 1X

Value for execution time

11/05/09

19

Administration Tasks - Users

unixUserPassword: ABCD!efgh12345$67890uid: testmsSFU30Name: testmsSFU30NisDomain: beolinkuidNumber: 10000gidNumber: 10000unixHomeDirectory: /home/testloginShell: /bin/sh

11/05/09

20

Administration Tasks - Groups

msSFU30Name: Domain UsersmsSFU30NisDomain: beolinkgidNumber: 10000

11/05/09

21

Administration Tasks - Processes

Migration

11/05/09

23

Archievements

11/05/09

24

Don’t forget..

11/05/09

25

Results

11/05/09

26

Results

11/05/09

27

Werbung

openAFS Conference Rome September 28-30

http://www.dia.uniroma3.it/~afscon09/

Website: www.beolink.org

Email: manfred@freemails.ch

Thank you !