Posted by Scott Lowe on August 16, 2005, 12:12 am
On 2005-08-15 14:46:05 -0400, SunWatch@gmail.com said:
> Hey, I am a college student currently employed as an infrastructure
> consultant for a young small business, and I am looking for some advice
> regarding Microsoft Active Directory and Single Sign On.
>
> The problem is, over 60% of the workstations in the company are Macs
> (PowerBooks running OS 10.2 or 10.3), and almost all of the
> workstations are personally owned laptops or laptops that belong to
> consultants that come in and out of the company periodically. And the
> Backbone is all Windows Server 2003. One of the lead goals of our
> infrastructure change is to achieve Single Sign On but as you can see
> this is not going to be an easy task. For the Macs I was hoping to
> achieve this through Open Directory, for the PCs we cannot use
> initial login as these are pre-configured laptops.
>
> Right now I am looking at some sort of SSO client (key-ring,
> authentication client, or simple password entering program) that will
> work with both the PCs and Macs. I have looked at many of the
> commercial options out there, such as Novell's entry, CA's option
> and the like, but most of them are either out of our budget, or meant
> to be used with a larger environment.
>
> Is there any Open Source/Freeware/Cheap option to help us bring SSO to
> our AD setup?
>
> Also, does anyone have experience with the NT Authentication of
> Timbuktu Pro, as it currently seems to be flakey at best?
Have you looked at having the Macs bind to Active Directory? While I
personally haven't tried it, I have heard from others that it works
reasonably well and can even cache the domain credentials for logons
while they are away from the office (just like a Windows box). It is
also my understanding that once you do have the Macs bind to AD, they
can take advantage of the AD Kerberos Key Distribution Center (KDC) for
automatic access to file servers in the domain (with no additional
passwords).
HTH.
--
Scott Lowe