These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

LDAP01/Cross-Platform Authentication


What is it, and why do I want it?

Cross-platform authentication is a term most often heard in IT departments that want to authenticate logons to Unix services using Microsoft's Active Directory, or to authenticate logons to Windows clients using a Unix-based LDAP server. In this scenario, we're not interested in interoperability between directory services, but between a specific directory service and non-native clients (for example, Active Directory and Unix clients).

While cross-platform authentication is our goal, we do have one rather severe stumbling block. While Microsoft does provide some tools and sample source code for integrating Unix clients into an Active Directory domain, there is currently no way to implement an Active Directory domain using non-Microsoft servers and technologies.

Before we begin, we should really define what it is we are talking about with this cross-platform authentication.

Here, we are not talking about authenticating Windows clients via a UNIX system acting as a PDC. If you want something like that, then our SAMBA discussion last time is all you need to know.

What we are talking about here (and with our integration with Active Directory) is integrating UNIX and Linux machines into a predominantly Windows-controlled environment. Here, we are referring to networks which are maintained by Windows servers, but in which UNIX and Linux servers wish to participate. This does not mean these Linux servers will be useless satellites only mirroring data; they will be integrated with the authentication systems. A user logged into a Linux machine will be able to run passwd and change their password on the Windows domain. They will also be able to access their directory items from within Linux. However, be very clear that in this situation it is Windows that is ultimately in charge, not Linux.

I should note here that this is not something which I feel is a good idea. You can replace all of the functionality offered by this scheme with a properly set-up SAMBA and LDAP server which is being mirrored on a working Active Directory sub system on a domain member Windows server. However, as this is a common situation system administrators find themselves in, and because the book does cover it, so will we.

Bear in mind that, in spite of the above rant, the information here is also applicable to the alternative arrangement just described (a properly set-up SAMBA and LDAP server mirrored from a domain member Windows server).



Last edited October 1, 2003 9:27 pm (diff)
(C) Copyright 2003 Samuel Hart
Creative Commons License
This work is licensed under a Creative Commons License.