[Samba] Linux SSO with samba4?
Andrew Bartlett
abartlet at samba.org
Fri Jul 13 17:23:49 MDT 2012
On Thu, 2012-07-12 at 13:22 +0200, Quinn Plattel wrote:
> Hi,
>
> I think it is great that samba4 has a single sign on solution for Windows
> platforms and it seems to work well too, but I am wondering is it possible
> to do the same for a Linux environment? I have been studying how to
> implement single sign on using the Ubuntu way through this document:
> https://help.ubuntu.com/community/SingleSignOn and I am wondering if I can
> do the same with samba4 where the samba4 just replaces openldap and the
> kerberos server components.
>
> On a windows client, you can login as a user though active directory even
> though that user is not defined locally on the client. Can you do the same
> in a Linux environment? I have done some testing and the results so far
> looks as if it is not quite there yet. For example, if I ssh to a machine
> using kerberos credentials, I cannot ssh to it without have a local account
> defined on that machine. Does a kerberos/ldap solution solve that kind of
> problem?
We recommend and support joining Samba as a domain member to Samba4 for
these situations.
This will handle doing a login with kerberos, including a local kerberos
ticket etc, providing the account via nss and everything else. The
server can be Samba4 or Microsoft's AD.
You may be interested in idmap_ad as an IDMAP module on the clients.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list