[Samba] Samba AD PDC , LDAP and Single-Sign-On

Mark Foley mfoley at ohprs.org
Thu Oct 8 20:17:25 UTC 2015


On Oct 8 2015 09:32 Rowland Penny wrote:

> It might help if you were to explain just what you require from single-sign-on ?

Well, perhaps I'm mistaken, but is this not the #1 reason to install Samba4?
From reading this list over the past couple of months it does not seem that
authenticating users on Windows workstations is the main thing people do.  But,
is not the ability to authenticate user logins from any (Linux or Windows)
workstation in the domain the chief purpose of Samba4? If not, please straighten
me out.  What's it good for?

As to what *I* require, scenario: I am sitting at a linux workstation on our
office network, any linux workstation, not just the one in *my* office.  I have
a login prompt.  I don't have a specific local account configured in /etc/passwd
on this particular workstation.  I log in using my ID/PW which is authenticated
centrally (presumably via the Samba4 AD/DC), and I'm logged in! I'm not quite sure
where I'm logged into yet, but I'll cross that bridge when I come to it. 

In Windows, using Samba4 AD/DC, this is a snap.  I just join the domain via
Start > Computer > Properties > Advanced System Settings > Computer Name >
Change, and click 'Domain'.  I have to fill in the domain name, enter the Domain
Administrator credentials and I'm done.  Now, any domain user can log into any
Windows workstation anywhere on the domain. 

That's basically what I want to do with Linux workstations. I need to sort this
out because we are looking at replacing Windows workstations with Linux
workstations.

I will investigate the recommendations posted by L.P.H. van Belle and Guilherme
Boing and see if I can make some headway. 

> Date: Thu, 08 Oct 2015 09:32:31 +0100
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba AD PDC , LDAP and Single-Sign-On
>
> On 08/10/15 04:16, Mark Foley wrote:
> > I'm very confused. I have a Samba4 AD/DC which works great for Windows
> > Authentication with our Windows 7 workstations.
> >
> > Now, I am trying to implement single-sign-on for our coming-soon Linux workstations.
>
> It might help if you were to explain just what you require from 
> single-sign-on ?
>
> Rowland
>
> > All web documentation I've so far found on this references OpenLDAP as the server
> > and describes server-side commands such as kadmin and slapd-config to get things
> > set up on the server-side (e.g. https://help.ubuntu.com/community/SingleSignOn)
> > which don't exist on the Samba4 AD/DC.
> >
> > Samba4 apparently has its own LDAP (Heimdal?) implementation.  Does this mean
> > everything should "just work" with LDAP clients and I need do no further
> > server-side configuration? Or does it mean, "sorry, you can't do LDAP
> > Authentication with Samba4."
> >
> > Please clarify so I can make some decisions.
> >
> > btw - the following command *does* work from a Linux client on the network:
> >
> > ldapsearch -xLLL -H ldap://mail:389 -D "cn=Administrator,CN=Users,dc=HPRS,dc=local" -W -b "dc=HPRS,dc=local"
> >
> > --Mark