From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1STCHp-00018v-Pj for garchives@archives.gentoo.org; Sat, 12 May 2012 13:23:06 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 01A4EE09C9; Sat, 12 May 2012 13:22:39 +0000 (UTC) Received: from svr-us4.tirtonadi.com (svr-us4.tirtonadi.com [69.65.43.212]) by pigeon.gentoo.org (Postfix) with ESMTP id 31D5BE09BB for ; Sat, 12 May 2012 13:22:31 +0000 (UTC) Received: from mail-vb0-f53.google.com ([209.85.212.53]) by svr-us4.tirtonadi.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.69) (envelope-from ) id 1STCEK-004Dp4-6s for gentoo-server@lists.gentoo.org; Sat, 12 May 2012 20:19:28 +0700 Received: by vbbfc26 with SMTP id fc26so4380731vbb.40 for ; Sat, 12 May 2012 06:22:28 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-server@lists.gentoo.org Reply-to: gentoo-server@lists.gentoo.org MIME-Version: 1.0 Received: by 10.52.15.233 with SMTP id a9mr1015941vdd.34.1336828948359; Sat, 12 May 2012 06:22:28 -0700 (PDT) Received: by 10.220.81.202 with HTTP; Sat, 12 May 2012 06:22:28 -0700 (PDT) Received: by 10.220.81.202 with HTTP; Sat, 12 May 2012 06:22:28 -0700 (PDT) In-Reply-To: <4FAD83DC.5040207@gentoo.org> References: <4FAD83DC.5040207@gentoo.org> Date: Sat, 12 May 2012 20:22:28 +0700 Message-ID: Subject: Re: [gentoo-server] Active Directory Based Authentication? From: Pandu Poluan To: gentoo-server@lists.gentoo.org Content-Type: multipart/alternative; boundary=20cf302d4dd497ab1104bfd6be05 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - svr-us4.tirtonadi.com X-AntiAbuse: Original Domain - lists.gentoo.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - poluan.info X-Archives-Salt: 82c1d810-7dad-449e-8b86-4ef5452136ed X-Archives-Hash: 32a46a23f8f78e178da11796598d6aa5 --20cf302d4dd497ab1104bfd6be05 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On May 12, 2012 4:28 AM, "Matthew Thode" wrote: > > On 05/11/2012 09:51 AM, Vin=C3=ADcius Ferr=C3=A3o wrote: > > Hello Pandu, > > > > I have done a implementation using a daemon named sssd. It's sponsored by the Fedora Project if I remember correctly. > > > > It supports 2008r2 AD without much hassle. I've setup everything relying on LDAP for information and Kerberos for authentication. So you don't need things like nss-ldap, nslcd, nscd and other old services. You can handle almost everything with SSSD. And even better: SSSD supports offline server authentication in the case of your AD is down or not reachable at the moment. > > > > I can send you some links in the night (Brazilian night) when I will be at home. > > > > Sent from my iPhone > > > > On 11/05/2012, at 00:36, Pandu Poluan wrote: > > > >> Hello list, > >> > >> I just want to know, what is your recommendation(s) to implement Active Directory authentication on Gentoo? > >> > >> I want to use AD not only for logins, but also for running daemons/services. > >> > >> *Ideally*, it would also allow me to manage my boxen using GPO, but I can live without that. > >> > >> Rgds, > > > I can attest to how awesome sssd is. I use it for linux server to linux > client, but the concept is still the same. > Ahaha, this is what I've been looking for: a recommendation backed by experience ;-) Thanks for the heads up, guys! Honestly, this is the first time I ever heard of SSSD. Sounds very interesting... I'll certainly look into it. Rgds, --20cf302d4dd497ab1104bfd6be05 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On May 12, 2012 4:28 AM, "Matthew Thode" <prometheanfire@gentoo.org> wrote:
>
> On 05/11/2012 09:51 AM, Vin=C3=ADcius Ferr=C3=A3o wrote:
> > Hello Pandu,
> >
> > I have done a implementation using a daemon named sssd. It's = sponsored by the Fedora Project if I remember correctly.
> >
> > It supports 2008r2 AD without much hassle. I've setup everyth= ing relying on LDAP for information and Kerberos for authentication. So you= don't need things like nss-ldap, nslcd, nscd and other old services. Y= ou can handle almost everything with SSSD. And even better: SSSD supports o= ffline server authentication in the case of your AD is down or not reachabl= e at the moment.
> >
> > I can send you some links in the night (Brazilian night) when I w= ill be at home.
> >
> > Sent from my iPhone
> >
> > On 11/05/2012, at 00:36, Pandu Poluan <pandu@poluan.info> wrote:
> >
> >> Hello list,
> >>
> >> I just want to know, what is your recommendation(s) to implem= ent Active Directory authentication on Gentoo?
> >>
> >> I want to use AD not only for logins, but also for running da= emons/services.
> >>
> >> *Ideally*, it would also allow me to manage my boxen using GP= O, but I can live without that.
> >>
> >> Rgds,
> >
> I can attest to how awesome sssd is. =C2=A0I use it for linux server t= o linux
> client, but the concept is still the same.
>

Ahaha, this is what I've been looking for: a recommendation backed b= y experience ;-)

Thanks for the heads up, guys! Honestly, this is the first time I ever h= eard of SSSD. Sounds very interesting... I'll certainly look into it. <= /p>

Rgds,

--20cf302d4dd497ab1104bfd6be05--