[Samba] Linux Authentication Ideas
This is a discussion on [Samba] Linux Authentication Ideas within the Samba forums, part of the Networking and Network Related category; Hello Everyone, I have been tasked to work on consolidating authentication to achieve single sign-on using Active Directory. We ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-14-2008
|
|||
|
|||
[Samba] Linux Authentication Ideas
Hello Everyone, I have been tasked to work on consolidating
authentication to achieve single sign-on using Active Directory. We have mix of Linux and Windows Hosts. All Linux hosts do local authentication currently and Windows hosts authenticates Active directory. I have been thinking of using Samba to authenticate Linux Hosts against Active Directory. I am fairly confident of configuring straight Linux to AD authentication. But we have 2 Active Directory forests. AD2 is trusted by AD1 and all the Linux hosts will be part of AD1. The idea is to have a AD1 resource and AD2 users. So we will need Linux Hosts to authenticate users of both AD1 and AD2. I am not sure about how to map uid/gid and also weather kerboros will be able to authenticate both Domains. If you guys can throw some ideas on how to achieve this, that will be great. Cheers, LA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba 
|
|
07-17-2008
|
|||
|
|||
|
[Samba] Re: Linux Authentication Ideas
Linux Addict wrote:
> Hello Everyone, I have been tasked to work on consolidating > authentication to achieve single sign-on using Active Directory. > > We have mix of Linux and Windows Hosts. All Linux hosts do local > authentication currently and Windows hosts authenticates Active > directory. > > I have been thinking of using Samba to authenticate Linux Hosts > against Active Directory. I am fairly confident of configuring > straight Linux to AD authentication. But we have 2 Active Directory > forests. AD2 is trusted by AD1 and all the Linux hosts will be part of > AD1. > > The idea is to have a AD1 resource and AD2 users. So we will need > Linux Hosts to authenticate users of both AD1 and AD2. I am not sure > about how to map uid/gid and also weather kerboros will be able to > authenticate both Domains. > > If you guys can throw some ideas on how to achieve this, that will be > great. > > Cheers, LA > Pump.. sorry.. I haven't heard from anyone. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
|
07-17-2008
|
|||
|
|||
|
Re: [Samba] Re: Linux Authentication Ideas
On Thu, Jul 17, 2008 at 09:37:49AM -0400, Linux Addict wrote:
> Linux Addict wrote: > >Hello Everyone, I have been tasked to work on consolidating > >authentication to achieve single sign-on using Active Directory. > > > >We have mix of Linux and Windows Hosts. All Linux hosts do local > >authentication currently and Windows hosts authenticates Active > >directory. > > > >I have been thinking of using Samba to authenticate Linux Hosts > >against Active Directory. I am fairly confident of configuring > >straight Linux to AD authentication. But we have 2 Active Directory > >forests. AD2 is trusted by AD1 and all the Linux hosts will be part of > >AD1. > > > >The idea is to have a AD1 resource and AD2 users. So we will need > >Linux Hosts to authenticate users of both AD1 and AD2. I am not sure > >about how to map uid/gid and also weather kerboros will be able to > >authenticate both Domains. > > > >If you guys can throw some ideas on how to achieve this, that will be > >great. > > > >Cheers, LA > > > Pump.. sorry.. I haven't heard from anyone. If both trust each other, shouldn't it just plain work? Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFIf0x9UzqjrWwMRl0RApSSAJ4nNHbdYbNj3mYgE5UYdJ Ej9hVUcwCfeMUj kuVxd1QxQUdbPD+pb/qPrLE= =5LQF -----END PGP SIGNATURE-----
|
|
07-17-2008
|
|||
|
|||
|
Re: [Samba] Re: Linux Authentication Ideas
Volker Lendecke wrote:
> On Thu, Jul 17, 2008 at 09:37:49AM -0400, Linux Addict wrote: > >> Linux Addict wrote: >> >>> Hello Everyone, I have been tasked to work on consolidating >>> authentication to achieve single sign-on using Active Directory. >>> >>> We have mix of Linux and Windows Hosts. All Linux hosts do local >>> authentication currently and Windows hosts authenticates Active >>> directory. >>> >>> I have been thinking of using Samba to authenticate Linux Hosts >>> against Active Directory. I am fairly confident of configuring >>> straight Linux to AD authentication. But we have 2 Active Directory >>> forests. AD2 is trusted by AD1 and all the Linux hosts will be part of >>> AD1. >>> >>> The idea is to have a AD1 resource and AD2 users. So we will need >>> Linux Hosts to authenticate users of both AD1 and AD2. I am not sure >>> about how to map uid/gid and also weather kerboros will be able to >>> authenticate both Domains. >>> >>> If you guys can throw some ideas on how to achieve this, that will be >>> great. >>> >>> Cheers, LA >>> >>> >> Pump.. sorry.. I haven't heard from anyone. >> > > If both trust each other, shouldn't it just plain work? > > Volker > Thanks for your response. No.. Its one way trust. Using kerboros authntication, doesn't seem to be working for the users of Trusted Domain users as Default domain option on krb5.conf appends the domain name. But winbind works, I am ok with that. But I am having issues mapping uid/gid consistent across network for . Also, the tdb files seems to be corrupted frequently. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
Linear Mode
