
[Samba] Linux SSO with samba4?


Quinn Plattel
Jul 12, 2012, 7:30:02 AM
Hi,

I think it is great that samba4 has a single sign on solution for Windows
platforms and it seems to work well too, but I am wondering whether it is
possible to do the same for a Linux environment? I have been studying how to
implement single sign on using the Ubuntu way through this document:
https://help.ubuntu.com/community/SingleSignOn and I am wondering if I can
do the same with samba4 where the samba4 just replaces openldap and the
kerberos server components.

On a Windows client, you can log in as a user through Active Directory even
though that user is not defined locally on the client. Can you do the same
in a Linux environment? I have done some testing and the results so far
look as if it is not quite there yet. For example, if I ssh to a machine
using kerberos credentials, I cannot ssh to it without having a local account
defined on that machine. Does a kerberos/ldap solution solve that kind of
problem?

br,
Quinn
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Bernd Markgraf
Jul 12, 2012, 8:00:02 AM
Hi,

I have been running such a setup for over 2 years now. Samba4 acting as AD for
the Windows clients and LDAP/Kerberos for Linux and Solaris clients. All
users are stored centrally and there are no local users on the clients.
I'd have to dig for more information on the setup though, as it's been a
while since I implemented it.
http://phaedrus77.blogspot.de/2010/04/samba4-ad-domain-controller-to-serve.html?showComment=1333390497132#c1731870195842128401
has my notes on setting up the Solaris clients. Linux was mostly similar
enough with further information on several other sites.

HTH,
Bernd

Quinn Plattel
Jul 12, 2012, 8:10:02 AM
That sounds great! I think the Ubuntu SSO will work too but I am still
trying to implement it - I have run into some hiccups such as nslcd
complaining about "Client not found in Kerberos database" but I think it is
because samba4 is running in a multi-homed environment and someone on the
Kerberos mailing list said that KDCs don't like multi-homed environments -
I don't know if that is also the case with samba4 kerberos but I am testing
that theory by running a new samba4 machine with only one network card in it.

I look forward to your Linux implementation notes.

br,
Quinn


steve
Jul 12, 2012, 8:30:01 AM
Hi Quinn, Bernd, everyone

We converted that same method into Linux.

A Linux-Windows SSO solution using S4. We called it s4bind. The details
are here:
http://linuxcostablanca.blogspot.com.es/p/s4bind.html
HTH
Steve

Quinn Plattel
Jul 12, 2012, 11:10:02 AM
Yes, I found your Windows/Linux setup via Google earlier, but the setup was
based on openSUSE which made it a little difficult in some areas when it
comes to Ubuntu - particularly the NFS server setup section.

But thanks for the info! :-)

br,
Quinn

--
Best regards/Med venlig hilsen,
Quinn Plattel

steve
Jul 12, 2012, 11:40:03 AM
On 12/07/12 17:07, Quinn Plattel wrote:
> yes, i found your windows/linux setup via google earlier, but the setup
> was based on OpenSuse which made it a little difficult in some areas
> when it comes to Ubuntu - particularly the nfs server setup section.
>
> But thanks for the info! :-)

There's an Ubuntu howto on the same site which includes the NFS.
http://linuxcostablanca.blogspot.com.es/2012/01/samba-4-ubuntu.html
Cheers,
Steve

Quinn Plattel
Jul 13, 2012, 8:30:02 AM
Hi Steve,

I have looked through your Ubuntu SSO howto and there seems to be a bit of
confusion when it comes to the nslcd service. According to Ubuntu's
official SSO howto at https://help.ubuntu.com/community/SingleSignOn , one
configures nslcd for kerberos on the client side, but according to your
howto, nslcd is configured on the kerberos server side. Also, you
mentioned how to configure nslcd on the client side on this mailing list.
Does this mean that nslcd must be configured for kerberos on both the
client and the server side?

br,
Quinn

--
Best regards/Med venlig hilsen,
Quinn Plattel

Quinn Plattel
Jul 13, 2012, 8:50:01 AM
Hi Bernd,

I looked through your Solaris SSO setup and I noticed that you use autofs
for auto-mounting /home. Will this not give problems with mobile platforms
when they don't have access to their home directories?
There is some interesting info on SSO and cached credentials here:
https://help.ubuntu.com/community/SingleSignOn

br,
Quinn


Bernd Markgraf
Jul 13, 2012, 8:50:01 AM
On Fri, 2012-07-13 at 14:40 +0200, Quinn Plattel wrote:
> Hi Bernd,
>
> I looked through your Solaris SSO setup and I noticed that you use
> autofs for auto-mounting /home. Will this not give problems with
> mobile platforms when they don't have access to their home
> directories?
It sure would, but since there are no mobile devices running a Unix
flavour around here, I'm ok with that. For the Windows notebooks - they
keep a cached copy of the profile (unfortunately). All data are to be
kept on site, at least that's the plan ;-)


steve
Jul 13, 2012, 11:50:02 AM
On 13/07/12 14:20, Quinn Plattel wrote:
> Does this mean that nslcd must be configured for kerberos on both
> the client and the server side?

Yes. nss-ldapd/nslcd must be running at both client and server ends.

To save time, we made a usb memory stick with a script to copy the
keytab, nslcd.conf and nsswitch.conf for new Linux clients.

Cheers,
Steve

Andrew Bartlett
Jul 13, 2012, 7:30:02 PM
On Thu, 2012-07-12 at 13:22 +0200, Quinn Plattel wrote:
> On a Windows client, you can log in as a user through Active Directory even
> though that user is not defined locally on the client. Can you do the same
> in a Linux environment? I have done some testing and the results so far
> look as if it is not quite there yet. For example, if I ssh to a machine
> using kerberos credentials, I cannot ssh to it without having a local account
> defined on that machine. Does a kerberos/ldap solution solve that kind of
> problem?

We recommend and support joining Samba as a domain member to Samba4 for
these situations.

This will handle doing a login with kerberos, including a local kerberos
ticket etc, providing the account via nss and everything else. The
server can be Samba4 or Microsoft's AD.

You may be interested in idmap_ad as an IDMAP module on the clients.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
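Added example, written for this page and not taken from the thread or from the Samba project's own documentation: a domain-member smb.conf of the kind Andrew describes, with winbind serving NSS and idmap_ad reading uidNumber/gidNumber from the RFC2307 attributes in AD, together with a check that the idmap ranges are well-formed and do not overlap (an overlapping '*' and domain range is a frequent reason winbind will not map domain SIDs). The domain EXAMPLE, realm EXAMPLE.COM, the two ranges and the choice of Samba 3.6-era parameter names are my assumptions; run the verify step only on a client that has already been joined.

```sh
#!/bin/sh
# Added example, not code from the thread or from the Samba project:
# a Samba domain-member configuration for a Linux client, with winbind
# providing NSS/PAM and idmap_ad reading uidNumber/gidNumber from AD.
# EXAMPLE / EXAMPLE.COM and the two ranges are placeholders.
set -eu

WORKGROUP="${WORKGROUP:-EXAMPLE}"        # NetBIOS domain name (assumed)
REALM="${REALM:-EXAMPLE.COM}"            # Kerberos realm (assumed)
AD_RANGE="${AD_RANGE:-10000-999999}"     # must contain every uidNumber/gidNumber stored in AD
LOCAL_RANGE="${LOCAL_RANGE:-3000-7999}"  # for BUILTIN and other non-domain SIDs

# Render the [global] section of smb.conf for the member.
render_smb_conf() {
    workgroup="$1"; realm="$2"; ad_range="$3"; local_range="$4"
    cat <<EOF
[global]
    workgroup = $workgroup
    realm = $realm
    security = ads
    # keep the machine keys in the system keytab so pam_krb5/sshd can use them too
    kerberos method = secrets and keytab

    # '*' handles only well-known/BUILTIN SIDs; it must not overlap the domain range.
    idmap config * : backend = tdb
    idmap config * : range = $local_range

    # Domain users and groups get the uidNumber/gidNumber stored in AD (RFC2307),
    # so ids are identical on every client without any local mapping database.
    idmap config $workgroup : backend = ad
    idmap config $workgroup : schema_mode = rfc2307
    idmap config $workgroup : range = $ad_range

    winbind use default domain = yes
    winbind nss info = rfc2307
    winbind refresh tickets = yes
    template shell = /bin/bash
EOF
}

# Read an smb.conf on stdin and verify every 'idmap config <x> : range' is
# low-high with low < high and that no two ranges overlap. Exit 1 on error.
check_idmap_ranges() {
    awk '
    /^[ \t]*idmap config .*: *range *=/ {
        split($0, kv, "=")
        gsub(/[ \t]/, "", kv[2])
        n = split(kv[2], r, "-")
        if (n != 2 || r[1] !~ /^[0-9]+$/ || r[2] !~ /^[0-9]+$/ || r[1] + 0 >= r[2] + 0) {
            print "bad range: " $0; bad = 1; next
        }
        c++; lo[c] = r[1] + 0; hi[c] = r[2] + 0; src[c] = $0
    }
    END {
        for (i = 1; i <= c; i++)
            for (j = i + 1; j <= c; j++)
                if (lo[i] <= hi[j] && lo[j] <= hi[i]) {
                    print "overlapping ranges: " src[i] " / " src[j]; bad = 1
                }
        exit (bad ? 1 : 0)
    }'
}

# Checks to run on the client once 'net ads join -U Administrator' has
# succeeded and winbind is listed in /etc/nsswitch.conf (needs a reachable DC).
verify_member() {
    net ads testjoin           # machine account password and keytab still valid
    wbinfo -t                  # winbind can authenticate as the machine account
    wbinfo -i "$1"             # SID, uid, gid, home and shell winbind resolved from AD
    getent passwd "$1"         # the same user through NSS, without a local account
}

case "${1:-render}" in
    render)
        conf=$(render_smb_conf "$WORKGROUP" "$REALM" "$AD_RANGE" "$LOCAL_RANGE")
        printf '%s\n' "$conf" | check_idmap_ranges
        printf '%s\n' "$conf"
        ;;
    verify)
        verify_member "${2:?domain user to look up}"
        ;;
esac
```

With no arguments the script only renders and range-checks the configuration, so it can be inspected offline; 'sh member.sh verify someuser' runs the post-join checks against the DC.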

Quinn Plattel
Jul 17, 2012, 9:10:02 AM
Hi all,

I'm about to give up on this Ubuntu SSO setup - I haven't been able to get any
solution to work so far. I have looked through Bernd's notes, Steve's
notes, and the Ubuntu Community SSO. I think it is because most of the
howtos are old and may not work with an Ubuntu 12.04/samba4 + Ubuntu 12.04
client setup. I can only get the Windows SSO to work with samba4 which is
quite easy compared to getting a Linux SSO to work at all. I feel I am so
close to getting it to work after understanding how kerberos works. I
think I'll try a dns/kerberos server/openldap SSO setup via Ubuntu
Community SSO without samba4 and see if I can get that to work.

Thanks for all the help so far.

br,
Quinn


--
Best regards/Med venlig hilsen,
Quinn Plattel

steve
Jul 17, 2012, 2:30:02 PM
On 17/07/12 15:04, Quinn Plattel wrote:
> Hi all,
>
> I'm about to give up on this Ubuntu SSO setup - I haven't been able to get any
> solution to work so far. I have looked through Bernd's notes, Steve's
> notes, and the Ubuntu Community SSO. I think it is because most of the
> howtos are old and may not work with an Ubuntu 12.04/samba4 + Ubuntu 12.04
> client setup.

Hi Quinn

The Samba doco describes SSO as the holy grail for admins (sic)

S4 caters for Windows out of the box. To get it to talk to Linux clients
on the same terms takes a little longer. We have a 12.04 SSO
Ubuntu-XP-7 setup working. I know how you feel. It took us the best part
of 6 months to get it going with s4. When you do, you can set up an
Ubuntu client in a matter of minutes and wonder what all the fuss was
about. So don't give up, you are almost there. You are making all the
right noises, especially with nslcd/nss-ldapd. We work with limited
resources but are more than willing to help those who go down the same road.
Offlist or via our blog if you like.

Cheers,
Steve

Bernd Markgraf
Jul 17, 2012, 4:30:01 PM
Hi Quinn,

here's a short summary of what I did to make Linux use S4's LDAP/Kerberos.
I'm running Oracle Enterprise Linux on our boxes, so I'm not sure how
different that is from Ubuntu. I tried Suse before but that was quite a
pain.
OEL asks where user accounts come from when the setup runs after
installation. I entered all information about the LDAP bits there as
well as the Kerberos server, realm and so forth.
At this point this setup does not yet work. I then used the samba3 bits
from OEL to join the client to the S4 domain. This creates the service
principals for the client on the DC. Once the client has joined the
domain I used 'net ads keytab create' to dump the client's keytab from
the DC into a file. This keytab enables the use of kerberized
authentication. The last thing to do is to set passwd, group and shadow to
use ldap in /etc/nsswitch.conf.
After that everything is in place and ready for use. I had no need to
utilize anything not provided by OEL. Packages of interest are nss_ldap,
openldap and openldap-clients (names most likely differ on Ubuntu).

Prerequisite for this setup is the proper LDAP schema (rfc2307) to
include all the Unix related information. I don't think I had to modify
the default mapping on the clients.

Again - I don't know much about Ubuntu. But I would guess as an end
user/desktop oriented distribution things might be a little harder.
I could provide the config files with the LDAP/Kerberos client settings.

Hope that helps,
Bernd
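Added example, written for this page rather than taken from Bernd's notes or from the USB-stick script Steve mentions: the client side of the nss_ldap/Kerberos route as a re-runnable shell script. It joins with the Samba 3 'net' tool, exports the machine keytab, proves the keytab against the KDC with kinit -k before touching nslcd or PAM (a failure there with "Client not found in Kerberos database", the message Quinn reported from nslcd earlier in the thread, means the KDC has no principal of that name), and appends 'ldap' to the passwd/group/shadow lines of nsswitch.conf without duplicating it when the script is run twice. EXAMPLE.COM, Administrator and the keytab path are placeholders, and the klist parsing assumes MIT Kerberos output.

```sh
#!/bin/sh
# Added example, written for this page; not Bernd's notes or Steve's stick
# script. Client side of the nss_ldap/nslcd + pam_krb5 route against a
# Samba 4 DC. EXAMPLE.COM, Administrator and the keytab path are
# placeholders; klist parsing assumes MIT Kerberos output.
set -eu

REALM="${REALM:-EXAMPLE.COM}"
ADMIN="${ADMIN:-Administrator}"
KEYTAB="${KEYTAB:-/etc/krb5.keytab}"
NSSWITCH="${NSSWITCH:-/etc/nsswitch.conf}"

# Append a source to the passwd/group/shadow lines of an nsswitch.conf read
# on stdin; idempotent, so re-running the script never produces "ldap ldap".
add_nss_source() {
    awk -v src="$1" '
    /^(passwd|group|shadow):/ {
        found = 0
        for (i = 2; i <= NF; i++) if ($i == src) found = 1
        if (!found) $0 = $0 " " src
    }
    { print }'
}

# Principals found in 'klist -k' output on stdin, one per line, deduplicated.
# After 'net ads keytab create' expect host/<fqdn>@REALM and the machine
# account <HOST>$@REALM; if they are missing, nothing kerberized will work.
keytab_principals() {
    awk '$NF ~ /@/ { print $NF }' | sort -u
}

# Bernd's steps: join with the Samba 3 tools (creates the machine account and
# its service principals on the DC), then export the machine keys to a keytab.
join_and_keytab() {
    net ads join -U "$ADMIN"
    # Writes the system keytab unless smb.conf sets 'dedicated keytab file'.
    net ads keytab create
    klist -k "$KEYTAB" | keytab_principals
    # Prove the keytab against the KDC before touching nslcd/PAM. A failure
    # here with "Client not found in Kerberos database" means the KDC has no
    # such principal: the join did not create it, or the hostname/realm in
    # the principal name does not match what the DC holds.
    kinit -k -t "$KEYTAB" "host/$(hostname -f)@$REALM" && kdestroy
}

# Last step: let NSS look users and groups up in the DC's LDAP, then confirm
# a domain user resolves with no local account.
apply_nsswitch() {
    cp "$NSSWITCH" "$NSSWITCH.bak"
    add_nss_source ldap < "$NSSWITCH.bak" > "$NSSWITCH"
    getent passwd "$1"
}

case "${1:-}" in
    join)     join_and_keytab ;;
    nsswitch) apply_nsswitch "${2:?domain user to look up}" ;;
    *)        printf 'usage: %s join | nsswitch <user>\n' "$0" ;;
esac
```

Run 'sh s4client.sh join' on a client that can reach the DC, then 'sh s4client.sh nsswitch someuser'; with no arguments it only prints usage, so the two pure functions can be exercised offline on a copy of nsswitch.conf.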

mourik jan heupink
Jul 17, 2012, 6:00:02 PM
What blog would that be..?

On 07/17/2012 08:20 PM, steve wrote:
> Offlist or via our blog if you like.

steve
Jul 18, 2012, 4:20:01 AM
On 17/07/12 23:49, mourik jan heupink wrote:
> What blog would that be..?
>
> On 07/17/2012 08:20 PM, steve wrote:
>> Offlist or via our blog if you like.
>


http://linuxcostablanca.blogspot.com.es/p/samba-4.html

mourik jan c heupink
Jul 18, 2012, 8:40:01 AM

> http://linuxcostablanca.blogspot.com.es/p/samba-4.html
Interesting reading. Thanks.

steve
Jul 18, 2012, 9:10:02 AM
On 12/07/12 13:22, Quinn Plattel wrote:

> https://help.ubuntu.com/community/SingleSignOn

I'm afraid it doesn't apply to S4. I don't think you can have S4 LDAP
and openldap going at the same time unless during the brief time you are
doing a domain upgrade from NT.

Maybe others know a way. . .

C'mon. Do it:)
Cheers,
Steve

Sven Geggus
Jul 18, 2012, 9:20:02 AM
Quinn Plattel <qie...@gmail.com> wrote:

> I think it is great that samba4 has a single sign on solution for Windows
> platforms and it seems to work well too, but I am wondering is it possible
> to do the same for a Linux environment?

I have a working single sign on solution running using Active
Directory, nslcd and pam-krb5, I don't see a reason why this should
not work using samba4 as well.

> On a windows client, you can login as a user though active directory even
> though that user is not defined locally on the client. Can you do the same
> in a Linux environment?

Yepp. pam_ccreds and pam_mkhomedir are your friends.

http://wiki.debian.org/LDAP/PAM

Sven

--
"Every time you use Google, you're using a Linux machine"
(Chris DiBona, a programs manager for Google)

/me is giggls@ircnet, http://sven.gegg.us/ on the Web

Quinn Plattel
Jul 19, 2012, 5:00:02 AM
Hi Steve,

No, I haven't given up yet but right now I am trying the Ubuntu
SingleSignOn way without samba4. I know it doesn't apply to samba4 but you
should be able to use the client setup parts against samba4.
I took a break from samba4 yesterday to clear my head. I'll get back to
samba4 when I have finished playing with the Ubuntu SSO howto.

br,
Quinn

--
Best regards/Med venlig hilsen,
Quinn Plattel

steve
Jul 19, 2012, 6:30:01 AM
On 19/07/12 10:58, Quinn Plattel wrote:
> Hi Steve,
>
> No, I haven't given up yet but right now I am trying the Ubuntu
> SingleSignOn way without samba4. I know it doesn't apply to samba4 but
> you should be able to use the client setup parts against samba4.
> I took a break from samba4 yesterday to clear my head. I'll get back to
> samba4 when I have finished playing with the Ubuntu SSO howto.
>
Hi Quinn

Yeah, I know the feeling.

Whilst Windows clients work out of the box, it's a pity that it is such
a struggle to join a Linux client. Having said that, with the right
scripts it can be made into a point and click affair a la m$.

Cheers and good luck with the Ubuntu notes,
Steve