public inbox for gentoo-server@lists.gentoo.org
From: Brian Kroth <bpkroth@gmail.com>
To: Pandu Poluan <pandu@poluan.info>
Cc: "Gentoo-server@lists.gentoo.org" <Gentoo-server@lists.gentoo.org>
Subject: Re: [gentoo-server] Active Directory Based Authentication?
Date: Fri, 11 May 2012 09:30:00 -0500
Message-ID: <20120511142958.GI8963@gmail.com>
In-Reply-To: <CAA2qdGWBiCGPaoT=+FWGtV2ANO-e8THi7rt5Uvyf2wgMQVd8AA@mail.gmail.com>

Pandu Poluan <pandu@poluan.info> 2012-05-11 10:36:
>   Hello list,
>
>   I just want to know, what is your recommendation(s) to implement Active
>   Directory authentication on Gentoo?

Attribute data can be stored/retrieved in ldaps (as in AD usually only 
allows authenticated binds to retrieve data and it requires an ssl 
connection to do that, other than that it's really just ldap).

Authentication can be done either via ldaps or kerberos, though I 
personally find the latter to be extra complication that's usually 
unnecessary.

As someone else mentioned, there's a wealth of data out there on how to 
do this in any number of schemes (e.g. libnss-ldap, libpam-ldap, sssd, 
etc.).

>   I want to use AD not only for logins, but also for running
>   daemons/services.

I don't see the distinction.  Either way it seems you're concerned with 
authenticating users and doing attribute lookups on them.

>   *Ideally*, it would also allow me to manage my boxen using GPO, but I can
>   live without that.

I'm not personally aware of anything that does that.  If there is, it's 
probably something like Red Hat/SUSE specific.

However, I believe it is possible to use a samba4 host as a domain 
controller to serve GPs to Windows clients.

Cheers,
Brian
