From: Brian Kroth <bpkroth@gmail.com>
To: Pandu Poluan <pandu@poluan.info>
Cc: "Gentoo-server@lists.gentoo.org" <Gentoo-server@lists.gentoo.org>
Subject: Re: [gentoo-server] Active Directory Based Authentication?
Date: Fri, 11 May 2012 09:30:00 -0500 [thread overview]
Message-ID: <20120511142958.GI8963@gmail.com> (raw)
In-Reply-To: <CAA2qdGWBiCGPaoT=+FWGtV2ANO-e8THi7rt5Uvyf2wgMQVd8AA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1292 bytes --]
Pandu Poluan <pandu@poluan.info> 2012-05-11 10:36:
> Hello list,
>
> I just want to know, what is your recommendation(s) to implement Active
> Directory authentication on Gentoo?
Attribute data can be stored/retrieved in ldaps (as in AD usually only
allows authenticated binds to retrieve data and it requires an ssl
connection to do that, other than that it's really just ldap).
Authentication can be done either via ldaps or kerberos, though I
personally find the later to be extra complication that's usually
unnecessary.
As someone else mentioned, there's a wealth of data out there on how to
do this in any number of schemes (eg: libnss-ldap, libpam-ldap, sssd,
etc.).
> I want to use AD not only for logins, but also for running
> daemons/services.
I don't see the distinction. Either way it seems you're concerned with
authenticating users and doing attribute lookups on them.
> *Ideally*, it would also allow me to manage my boxen using GPO, but I can
> live without that.
I'm not personally aware of anything that does that. If there is, it's
probably something like redhat/suse specific.
However, I believe it is possible to use a samba4 host as a domain
controller to serve GPs to windows clients.
Cheers,
Brian
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next prev parent reply other threads:[~2012-05-11 14:30 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-11 3:36 [gentoo-server] Active Directory Based Authentication? Pandu Poluan
2012-05-11 14:14 ` Matthew Thode
2012-05-12 13:15 ` Pandu Poluan
2012-05-11 14:30 ` Brian Kroth [this message]
2012-05-12 13:18 ` Pandu Poluan
2012-05-11 14:51 ` Vinícius Ferrão
2012-05-11 21:25 ` Matthew Thode
2012-05-12 13:22 ` Pandu Poluan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120511142958.GI8963@gmail.com \
--to=bpkroth@gmail.com \
--cc=Gentoo-server@lists.gentoo.org \
--cc=pandu@poluan.info \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox