Winbind as Identity Management Connector
-
Upload
manfred-furuholmen -
Category
Technology
-
view
376 -
download
3
Transcript of Winbind as Identity Management Connector
![Page 1: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/1.jpg)
Winbind as Identity Management ConnectorFabrizio Manfred Furuholmen
![Page 2: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/2.jpg)
11/05/09
2
Agenda
Overview
Introduction
Solution
Case study
Results
![Page 3: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/3.jpg)
11/05/09
3
Winbind
Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of an Windows domain.
Authenticate user credentials by using PAM (SSO)
Resolve user identities and group identities by using the NSS.
Store mappings between Unix UIDs and GIDs and Active Directory security identifiers, or SIDs
![Page 4: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/4.jpg)
11/05/09
4
Windbind vs pam_krb/ldap
![Page 5: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/5.jpg)
11/05/09
5
Goal
![Page 6: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/6.jpg)
11/05/09
6
Solution guide line
![Page 7: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/7.jpg)
11/05/09
7
Solution Components
![Page 8: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/8.jpg)
11/05/09
8
Case study
![Page 9: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/9.jpg)
11/05/09
9
Architecture HQ
![Page 10: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/10.jpg)
11/05/09
10
Architecture Branch
![Page 11: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/11.jpg)
11/05/09
11
Winbind connectors
![Page 12: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/12.jpg)
11/05/09
12
Winbind configuration 1/5
![Page 13: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/13.jpg)
11/05/09
13
Winbind configuration 2/5
![Page 14: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/14.jpg)
11/05/09
14
Winbind configuration 3/5
![Page 15: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/15.jpg)
11/05/09
15
Winbind configuration 4/5
![Page 16: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/16.jpg)
11/05/09
16
Winbind configuration 5/5
![Page 17: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/17.jpg)
11/05/09
17
Write your connector
![Page 18: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/18.jpg)
11/05/09
18
Performance
Application Cold cache Warm cache Remote cold cache
Remote warm cache
Ldap 2X - 2.5X -
Ldap+nscd
2X 1X 2.5X 1X
winbind - - 4X 1.2X
ptserver - - 2X 1X
Value for execution time
![Page 19: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/19.jpg)
11/05/09
19
Administration Tasks - Users
unixUserPassword: ABCD!efgh12345$67890uid: testmsSFU30Name: testmsSFU30NisDomain: beolinkuidNumber: 10000gidNumber: 10000unixHomeDirectory: /home/testloginShell: /bin/sh
![Page 20: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/20.jpg)
11/05/09
20
Administration Tasks - Groups
msSFU30Name: Domain UsersmsSFU30NisDomain: beolinkgidNumber: 10000
![Page 21: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/21.jpg)
11/05/09
21
Administration Tasks - Processes
![Page 22: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/22.jpg)
Migration
![Page 23: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/23.jpg)
11/05/09
23
Archievements
![Page 24: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/24.jpg)
11/05/09
24
Don’t forget..
![Page 25: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/25.jpg)
11/05/09
25
Results
![Page 26: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/26.jpg)
11/05/09
26
Results
![Page 27: Winbind as Identity Management Connector](https://reader033.fdocuments.us/reader033/viewer/2022052622/559181b01a28ab5c6f8b4579/html5/thumbnails/27.jpg)
11/05/09
27
Werbung
openAFS Conference Rome September 28-30
http://www.dia.uniroma3.it/~afscon09/