[Samba] Samba AD PDC , LDAP and Single-Sign-On (was: re: Samba Internal DNS vs. BIND_DLZ)

Mark Foley mfoley at ohprs.org
Thu Oct 8 03:16:42 UTC 2015


I'm very confused. I have a Samba4 AD/DC which works great for Windows
Authentication with our Windows 7 workstations.

Now, I am trying to implement single-sign-on for our coming-soon Linux workstations.
All web documentation I've so far found on this references OpenLDAP as the server
and describes server-side commands such as kadmin and slapd-config to get things
set up on the server-side (e.g. https://help.ubuntu.com/community/SingleSignOn)
which don't exist on the Samba4 AD/DC.

Samba4 apparently has its own LDAP (Heimdal?) implementation.  Does this mean
everything should "just work" with LDAP clients and I need do no further
server-side configuration? Or does it mean, "sorry, you can't do LDAP
Authentication with Samba4."

Please clarify so I can make some decisions.

btw - the following command *does* work from a Linux client on the network:

ldapsearch -xLLL -H ldap://mail:389 -D "cn=Administrator,CN=Users,dc=HPRS,dc=local" -W -b "dc=HPRS,dc=local"

--Mark
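Editor's note: the ldapsearch above performs a simple bind (-x -W) over plain ldap:// on port 389, so the Administrator password crosses the wire in cleartext. A Samba AD DC also advertises SASL GSSAPI on its rootDSE, which lets a Kerberos-joined Linux client bind with a ticket instead. The following script is an added example, not code from the thread or from the Samba project: it parses the LDIF that `ldapsearch -LLL` prints for an anonymous rootDSE query and picks the bind option to use. The rootDSE sample embedded in it is constructed for this example (the attribute names are the standard AD rootDSE ones; the host and domain values are assumed from the thread). The `-Y GSSAPI` and `-ZZ` options are real OpenLDAP ldapsearch flags.

```python
"""Added example: decide how a Linux client should bind to a Samba AD DC,
based on what the DC's rootDSE advertises.

Real-world usage (not run here):
    ldapsearch -x -LLL -H ldap://mail -s base -b "" \
        supportedSASLMechanisms defaultNamingContext dnsHostName ldapServiceName
then pass that output to assess_rootdse().
"""
import base64

# Constructed sample of what the query above returns; values are assumed.
SAMPLE_ROOTDSE = """\
dn:
dnsHostName: mail.hprs.local
ldapServiceName: hprs.local:mail$@HPRS.LOCAL
defaultNamingContext: DC=HPRS,DC=local
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: NTLM
"""


def parse_ldif(text):
    """Parse `ldapsearch -LLL` output into a list of {attr: [values]} dicts.

    Handles folded continuation lines (leading space), base64 values
    ('attr:: ...'), comment lines and blank-line entry separators.
    Attribute names are lower-cased so lookups are case-insensitive.
    """
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:   # folded line: append to previous
            logical[-1] += raw[1:]
        else:
            logical.append(raw)

    entries, current = [], {}
    for line in logical:
        if not line.strip():                  # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def normalize_dn(dn):
    """Lower-case a DN and strip whitespace around the RDN separators."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def assess_rootdse(text, expected_base="dc=HPRS,dc=local"):
    """Return findings for the first (rootDSE) entry in the LDIF text."""
    entries = parse_ldif(text)
    if not entries:
        raise ValueError("no rootDSE entry found in LDIF")
    root = entries[0]
    mechs = {m.upper() for m in root.get("supportedsaslmechanisms", [])}
    base = root.get("defaultnamingcontext", [""])[0]
    findings = {
        "kerberos_sso": "GSSAPI" in mechs or "GSS-SPNEGO" in mechs,
        "base_matches": normalize_dn(base) == normalize_dn(expected_base),
        "ldap_service_name": root.get("ldapservicename", [""])[0],
    }
    if findings["kerberos_sso"]:
        findings["bind"] = "-Y GSSAPI"     # kinit first; no password on the wire
    else:
        findings["bind"] = "-x -ZZ -W"     # simple bind only after STARTTLS succeeds
    return findings


def recommended_command(findings, host, base):
    """Build the ldapsearch invocation that matches the findings."""
    return f'ldapsearch -LLL {findings["bind"]} -H ldap://{host} -b "{base}"'


if __name__ == "__main__":
    result = assess_rootdse(SAMPLE_ROOTDSE)
    print(result)
    print(recommended_command(result, "mail", "dc=HPRS,dc=local"))
```

If the rootDSE lists GSSAPI, the script suggests `kinit` followed by `ldapsearch -Y GSSAPI`; otherwise it falls back to a simple bind but insists on STARTTLS (`-ZZ`) so the password is never sent in the clear.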

-----Original Message-----
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Date: Tue, 1 Sep 2015 08:21:27 +0200
> Subject: Re: [Samba] Samba AD PDC , LDAP and Single-Sign-On (was: re: Samba Internal DNS vs. BIND_DLZ)
>
> Hi Jim,
>
> What are you looking for?
> I'm using SSO for my Zarafa mail server.
>
> Greetz, 
>
> Louis
>
> >-----Original Message-----
> >From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Jim Seymour
> >Sent: Monday, 31 August 2015 21:21
> >To: samba at lists.samba.org
> >Subject: [Samba] Samba AD PDC , LDAP and Single-Sign-On 
> >(was: re: Samba Internal DNS vs. BIND_DLZ)
> >
> >On Thu, 27 Aug 2015 23:03:39 -0400
> >Robert Moskowitz <rgm at htt-consult.com> wrote:
> >
> >> 
> >> On 08/27/2015 08:45 PM, Jim Seymour wrote:  
> >> > On Thu, 27 Aug 2015 17:00:28 -0400
> >> > Robert Moskowitz <rgm at htt-consult.com> wrote:
> >> >  
> >> >> Ah, LDAP is included within Samba, I find.  Don't install provided
> >> >> one...  
> >[snip]
> >> >
> >> > We *require*, not desire, but *require* OpenLDAP.  OpenLDAP is used
> >> > for, amongst other things, a Corporate email address book 
> >and by the
> >> > RADIUS server.  Eventually the entire set of network directory data
> >> > that currently resides in and is served by NIS+ will be in LDAP.  
> >> 
> >> This is what runs on your DC.  I suspect you can use slapd to do any 
> >> syncing with OpenLDAP on other machines.  
> >[snip]
> >
> >I suspect this is not going in the direction I'd envisioned.
> >
> >The Plan was an AD PDC that used OpenLDAP.  That way: OpenLDAP data,
> >replicated to the mail server, could be used for sign-on there, too.
> >
> >Somewhere somebody recently mentioned a single-sign-on doc.  I'll have
> >to hunt that down and take a look.
> >
> >Thanks,
> >Jim
> >-- 
> >Note: My mail server employs *very* aggressive anti-spam
> >filtering.  If you reply to this email and your email is
> >rejected, please accept my apologies and let me know via my
> >web form at <http://jimsun.LinxNet.com/contact/scform.php>.
> >
> >-- 
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
>
>
>