From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1SSxMe-0008No-7y for garchives@archives.gentoo.org; Fri, 11 May 2012 21:27:08 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8BBBFE0958; Fri, 11 May 2012 21:26:43 +0000 (UTC) Received: from mx1.mthode.org (rrcs-24-173-105-85.sw.biz.rr.com [24.173.105.85]) by pigeon.gentoo.org (Postfix) with ESMTP id EA90FE0920 for ; Fri, 11 May 2012 21:26:22 +0000 (UTC) Received: from khorne.mthode.org (unknown [IPv6:2001:470:e1cc:3:883f:10ff:fe53:53aa]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.mthode.org (Postfix) with ESMTPSA id 7686DBD6C for ; Fri, 11 May 2012 17:26:21 -0400 (EDT) Message-ID: <4FAD83DC.5040207@gentoo.org> Date: Fri, 11 May 2012 16:25:48 -0500 From: Matthew Thode User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120505 Thunderbird/12.0.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-server@lists.gentoo.org Reply-to: gentoo-server@lists.gentoo.org MIME-Version: 1.0 To: gentoo-server@lists.gentoo.org Subject: Re: [gentoo-server] Active Directory Based Authentication? References: In-Reply-To: X-Enigmail-Version: 1.5pre Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig07E0283F21DD900C621A77DA" X-Archives-Salt: 74a5f26a-913c-48c1-8135-46e379f404d2 X-Archives-Hash: d2fadead58a98eaad5e7290bf441d294 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig07E0283F21DD900C621A77DA Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 05/11/2012 09:51 AM, Vin=C3=ADcius Ferr=C3=A3o wrote: > Hello Pandu, >=20 > I have done a implementation using a daemon named sssd. It's sponsored = by the Fedora Project if I remember correctly. >=20 > It supports 2008r2 AD without much hassle. I've setup everything relyin= g on LDAP for information and Kerberos for authentication. So you don't n= eed things like nss-ldap, nslcd, nscd and other old services. You can han= dle almost everything with SSSD. And even better: SSSD supports offline s= erver authentication in the case of your AD is down or not reachable at t= he moment. >=20 > I can send you some links in the night (Brazilian night) when I will be= at home. >=20 > Sent from my iPhone >=20 > On 11/05/2012, at 00:36, Pandu Poluan wrote: >=20 >> Hello list, >> >> I just want to know, what is your recommendation(s) to implement Activ= e Directory authentication on Gentoo? >> >> I want to use AD not only for logins, but also for running daemons/ser= vices. >> >> *Ideally*, it would also allow me to manage my boxen using GPO, but I = can live without that. >> >> Rgds, >=20 I can attest to how awesome sssd is. I use it for linux server to linux client, but the concept is still the same. --=20 -- Matthew Thode (prometheanfire) --------------enig07E0283F21DD900C621A77DA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPrYPoAAoJECRx6z5ArFrD4xcQAJk9QwNtDugXGaZ5Ae2VXe1w AX0I1ARHeN5w6xjAsAWkQ5ImWA8rUpFWhEk5NvZGUKz03ESnCoNrrlCkjeAqCtC3 xCCTheLF/Koy4LTYE00CD9QqgbtAEH5CMKyJTeqN9ndGGG6W4lRU/yho67Ex9m4V WGnJIsW62KbHP2FwG/qXH1vp77tJfCz5HKWoFDa0PD8r5xe9uCqib74SA8qBpKSn 5obMz+w0E7q63QqvTU2HEU0l6MH0gDRRaN8nzzfG/YpwF5/VeY7+KMJHsZI1FwCg 1LhBjBexpucfn8FoZiciabv+/ogRAkY4J2WUxOcrENzLw9m2KbeVcioAdA0o5Mdx 4ZEcntc0iMJmX3s/N0F1R4Cz/AtDWjxtU6sZWJTV3TVlDLPSYevLaCjKA8EXr+tI pv4t36M7CDRGYHodZyH7r2KZYttRdgHultvUqLeETjAXCQPK/rDw8oacQB4+4Wf6 JIJjKoqAy0+E94Xzd2SaZ6BASHLEZQP3rHfHQKZzU3NV3l6ZJbm1Eevx/xp/C6tM e2tllQk36z2ZkUHoXnx37rE66Tvd9iQ/hclNNz9Htsj6EzJgjXXRwuBexuo/ach5 LXVGdFBjPy+xOdoFfCOcvhPrAJa0XhcI/A8pNRH+zqrRi3Wpb0SfebaXmktZZJ78 bN26TQ4GBT0N2/9/XM8A =1IHB -----END PGP SIGNATURE----- --------------enig07E0283F21DD900C621A77DA--