Page 284 - DCAP602_NETWORK_OPERATING_SYSTEMS_I
Network Operating Systems-I
Directory Services, and facilitates the identification and authorization of computers and users
via Authentication Services.
The following sections will discuss SAMBA and the supporting technologies, such as Lightweight
Directory Access Protocol (LDAP) server, and Kerberos authentication server in more detail.
You will also learn about some of the configuration directives available in the SAMBA
configuration file that facilitate network integration with Windows clients and servers.
Active Directory
Active Directory is a proprietary implementation of Directory Services by Microsoft, and is used to
provide a means to share information about network resources and users. In addition to providing
a centralized source of such information, Active Directory also acts as a centralized authentication
security authority for the network. Active Directory combines capabilities traditionally found
in separate, specialized directory systems to simplify integration, management, and security of
network resources. The SAMBA package may be configured to use Active Directory services
from a Windows Domain Controller.
LDAP
The LDAP server application provides Directory Services functionality to Windows computers
in a manner very similar to Microsoft Active Directory services. Such services include managing
the identities and relationships of computers, users, and groups of computers or users that
participate in the network, and providing a consistent means to describe, locate, and manage
these resources. The freely available implementation of LDAP for your Ubuntu system
is called OpenLDAP. The server daemons responsible for handling OpenLDAP directory requests
and the propagation of directory data from one LDAP server to another on Ubuntu are slapd
and slurpd. OpenLDAP may be used in conjunction with SAMBA to provide File, Print, and
Directory services in much the same way a Windows Domain Controller does, so long as SAMBA
is compiled with LDAP support.
Kerberos
The Kerberos authentication security system is a standardized service for providing authentication
to computers and users by means of a centralized server which grants encrypted authorization
tickets accepted for authorization by any other computer using Kerberos. Benefits of Kerberos
authentication include mutual authentication, delegated authentication, interoperability,
and simplified trust management. The primary server daemons for handling the Kerberos
authentication and Kerberos database administration on Ubuntu are krb5kdc and kadmin.
SAMBA may use Kerberos as a mechanism for authenticating computers and users against a
Windows Domain Controller. To do so, the Ubuntu system must have Kerberos installed, and
the /etc/samba/smb.conf file must be modified to select the proper realm and security mode.
For example, edit the /etc/samba/smb.conf file and add the values:
realm = DOMAIN_NAME
security = ADS
to the file, and save the file.
Note: Be sure to replace the token DOMAIN_NAME in the example above with the
actual name of your specific Windows Domain.
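The check below is an added example, not part of the original text: a short Python script that reads the text of an smb.conf and reports whether the realm and security values described above are actually in place. It assumes both parameters belong in the [global] section of the file; the sample files and the realm EXAMPLE.LOCAL are constructed for illustration.

```python
# Added example: checks the two settings discussed above in an smb.conf text.
# Assumption: both parameters belong in the [global] section of smb.conf.

PLACEHOLDER = "DOMAIN_NAME"  # token used in the example above


def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict.

    Parameter names are lower-cased and stripped of inner whitespace so that
    'Security', 'security' and 'SECURITY' are treated as one name.
    """
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip()
    return params


def check_ads_settings(text):
    """Return a list of problems with the realm/security settings."""
    g = parse_global(text)
    problems = []
    if g.get("security", "").lower() != "ads":
        problems.append("security is not set to ADS")
    realm = g.get("realm", "")
    if not realm:
        problems.append("realm is not set")
    elif realm == PLACEHOLDER:
        problems.append("realm still holds the placeholder DOMAIN_NAME")
    return problems


# Constructed sample files (not taken from a real system).
UNEDITED = "[global]\n   realm = DOMAIN_NAME\n   security = ADS\n"
EDITED = "[global]\n   ; joined to the Windows domain\n   realm = EXAMPLE.LOCAL\n   Security = ads\n"
MISPLACED = "[global]\n   workgroup = EXAMPLE\n[printers]\n   realm = EXAMPLE.LOCAL\n   security = ADS\n"

if __name__ == "__main__":
    for label, conf in (("unedited", UNEDITED), ("edited", EDITED), ("misplaced", MISPLACED)):
        print(label, check_ads_settings(conf) or "OK")
```

The third sample shows the values placed under a share section instead of [global], which the check reports as if they were missing.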
278 Lovely Professional University