The Old Joel on Software Forum: Part 4 (of 5) - Authentication for Workstations

Authentication for Workstations - Using Win2k, NT

Hi:

What is the best method to used for authorizing user access for a bunch of workstations that run on NT, win 2000 and Win XP?

Users will need to use a username and password to gain access to the machine.

Currently a central authorization is controlled through LDAP. The workstations have not required authorization prior to this - i.e. any person could use the workstation to browse the Internet.

In recent months there have been more temporary workers in the company and there have been concern that the workstations could be exploited.

Is there a clean way to make the workstations authorize users through the LDAP?

Ram Dass
Sunday, March 7, 2004

Authorization -- for what? To login? Why not use a domain?

Brad Wilson (dotnetguy.techieswithcats.com)
Sunday, March 7, 2004

I am ignorant :(

What do you mean by 'domain'?

Ram Dass
Sunday, March 7, 2004

BTW - I used the wrong term in my earlier post.

It is for 'authenticating' users - i.e. users will need to enter a login name and password.

Currently we have an LDAP - which provides company-wide authentication.

The workstations are not hooked up to LDAP and currently allow anonymous access - i.e. users are not challenged to enter a login name and password.

Would it be suitable to make the workstations authenticate users directly against LDAP?

Ram Dass
Sunday, March 7, 2004

I don't believe you can convince Windows to authenticate against an LDAP server.

A domain is precisely what Microsoft does to solve this problem. A domain controller does, among many other things, authenticate against the domain user list. You have the workstation join the domain, and then you get centralized user list management.

I know that, in the case of Windows 2000, Microsoft replaced domains with a system called Active Directory. An Active Directory server can ALSO serve as an LDAP server, so maybe one route you could take is to use a Windows 2000 or 2003 server in Active Directory mode, to replace the existing LDAP server, and given centralized authentication for all the workstations.

Brad Wilson (dotnetguy.techieswithcats.com)
Sunday, March 7, 2004

http://www.google.ca/search?q=windows+authenticate+ldap&ie=UTF-8&oe=UTF-8&hl=en&meta= suggests that you try http://pgina.xpasystems.com/ (Win2K, don't know about NT).

Christopher Wells
Monday, March 8, 2004

If you don't want to pay for Win "K server and the client licenses, use Samba.

Stephen Jones
Monday, March 8, 2004