As long as your daemons are PAM aware, winbind and PAM make configuring AD
authentication easy.

You'll have to install and configure Samba, join the domain, test, edit
nsswitch.conf and the PAM configuration files for your daemons, and you
should be off and running.

Also worth looking into are the Kerberized versions of your daemons. When you
do all of the above you're setting up Kerberos authentication anyway, so the
next logical step is to add Kerberized services and get full SSO
authentication. You'll typically have to add the SPNs to AD using ADSI Edit
or the setspn command line tool on Windows to get your Kerberized services
to work.

If you won't be using Kerberized daemons, you should implement an SSL/TLS-only
policy on any services using AD authentication. (HTTP, IMAP, POP3,
SMTP)


-- 
Andrew S. Zbikowski | http://andy.zibnet.us
IT Outhouse Blog Thing | http://www.itouthouse.com
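
A way to check the nsswitch.conf and PAM edits described in the message above, as an added example that is not part of the original post. The function names are made up for this illustration, and file paths are passed in by the caller so the checks can be run against copies.

```shell
#!/bin/sh
# Added example: post-setup checks for winbind-based AD authentication.

# Succeeds if the given database line in an nsswitch.conf-style file
# lists "winbind" as a source. Commented-out lines are ignored.
nss_db_uses_winbind() {
    # $1 = file, $2 = database name (passwd, group, ...)
    awk -v db="$2" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeeds if a PAM service file has an active line of the given type
# (auth, account, ...) that loads pam_winbind.so.
pam_uses_winbind() {
    # $1 = file, $2 = module type
    awk -v type="$2" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == type || $1 == ("-" type) {
            # the module is field 3, or later when the control is [a=b c=d]
            for (i = 3; i <= NF; i++)
                if ($i ~ /(^|\/)pam_winbind\.so$/) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Live checks; these need a joined host with winbindd running.
# wbinfo -t verifies the machine account trust secret, and getent shows
# whether NSS actually resolves the domain user through winbind.
verify_join() {
    # $1 = a domain user name supplied by the caller
    wbinfo -t && getent passwd "$1" >/dev/null
}

# Typical call on a real host (the PAM file name is an assumption,
# it differs per daemon and distro):
#   nss_db_uses_winbind /etc/nsswitch.conf passwd &&
#   pam_uses_winbind /etc/pam.d/sshd auth
```

A commented-out `pam_winbind.so` line or a `winbind` entry only under an unrelated database makes the checks fail, which is the usual reason logins fall back to local accounts after a join that otherwise succeeded.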