Linux-based Domain Controller with Single Sign-on

“On Windows Server Systems, a domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single user name and password combination”.

…that’s as per Wikipedia.

Anyhow, we understand that switching away from your Windows desktops might be an undesirable activity for certain business users. The reasons could be anything from user habits to one-time Windows client licenses already paid for, to dependence on certain software that only runs on Windows. However, why pay for Windows server licenses just so you can have a domain controller or Active Directory support? Hardly any of the factors that force you to use Windows as a client OS comes into effect here.

We have experience combining the features of server applications like Samba, OpenLDAP and Squid to build a fully Linux-based domain controller that even provides you with features like Single Sign-on. What we mean by Single Sign-on is that our server will authenticate the client user only once while logging into the domain, and based on the user’s rights it will provide him with access to the Internet through a proxy server.

The following is a step-by-step workflow of how the system works:

  1. The client user logs into the domain using the Linux-based Samba server.
  2. Samba authenticates the user against the LDAP address book.
  3. Based on LDAP rights, the user is provided access to respective authorised applications — viz., messaging, Internet, etc.
  4. When a user wants to access the Internet, he need not re-authenticate to your proxy server. Our Squid server does this automatically by mapping the user’s domain login credentials against the LDAP database and thus obtaining access rights, which gives the IT admin the ability to transparently and centrally control Internet access.
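
One common way to wire steps 3 and 4 together in `squid.conf`, shown as an added example that is not the configuration described on this page. It assumes NTLM through Samba's `ntlm_auth` helper and a group lookup through Squid's `ext_ldap_group_acl` helper; the host name, DNs, the group name `internet` and the helper paths are placeholders.

```conf
# Added example. Host names, DNs, the group name "internet" and the helper
# paths are assumptions; helper locations differ between distributions.

# Step 4: reuse the domain logon. The browser answers Squid's NTLM challenge
# with the logged-in user's credentials and Samba's ntlm_auth helper checks
# them through winbindd, so the user sees no second password prompt.
# The Squid user needs access to winbindd's privileged pipe for this to work.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on

# Step 3: read the user's rights from LDAP group membership.
#   -S        strip the "DOMAIN\" prefix from the NTLM login before searching
#   -v 3 -Z   LDAPv3 with TLS, so the bind password and queries are not sent
#             in clear text across the LAN
#   -W file   read the bind password from a file (mode 0600, owned by the
#             Squid user) rather than passing it with -w, where it would be
#             visible in the process list
#   -f        %u is the login name, %g the group named in the acl line below
external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/ext_ldap_group_acl -S -v 3 -Z -h ldap.example.internal -b "ou=Groups,dc=example,dc=internal" -D "cn=squid,ou=Services,dc=example,dc=internal" -W /etc/squid/ldap.secret -f "(&(objectClass=posixGroup)(cn=%g)(memberUid=%u))"

acl authenticated proxy_auth REQUIRED
acl internet_users external ldap_group internet

# Order matters: reject unauthenticated requests first, allow only members of
# the LDAP group, and end with an explicit default deny.
http_access deny !authenticated
http_access allow internet_users
http_access deny all
```

The `ttl=300` value caches each group decision for five minutes, so removing a user from the LDAP group takes up to that long to take effect at the proxy.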