[Samba] Samba AD PDC , LDAP and Single-Sign-On (was: re: Samba Internal DNS vs. BIND_DLZ)

Guilherme Boing kolt+samba at frag.com.br
Thu Oct 8 10:33:51 UTC 2015


This is how I am authenticating users on OpenSSH with Samba4 AD without
joining the Linux server to the domain: http://pastebin.ca/3185321



On Thu, Oct 8, 2015 at 12:16 AM, Mark Foley <mfoley at ohprs.org> wrote:

> I'm very confused. I have a Samba4 AD/DC which works great for Windows
> Authentication with our Windows 7 workstations.
>
> Now, I am trying to implement single-sign-on for our coming-soon Linux
> workstations. All web documentation I've so far found on this references
> OpenLDAP as the server and describes server-side commands such as kadmin
> and slapd-config to get things set up on the server-side (e.g.
> https://help.ubuntu.com/community/SingleSignOn) which don't exist on the
> Samba4 AD/DC.
>
> Samba4 apparently has its own LDAP (Heimdal?) implementation.  Does this
> mean everything should "just work" with LDAP clients and I need do no
> further server-side configuration? Or does it mean, "sorry, you can't do
> LDAP Authentication with Samba4."
>
> Please clarify so I can make some decisions.
>
> btw - the following command *does* work from a Linux client on the network:
>
> ldapsearch -xLLL -H ldap://mail:389 -D "cn=Administrator,CN=Users,dc=HPRS,dc=local" -W -b "dc=HPRS,dc=local"
>
> --Mark
>
> -----Original Message-----
> > From: "L.P.H. van Belle" <belle at bazuin.nl>
> > To: "samba at lists.samba.org" <samba at lists.samba.org>
> > Date: Tue, 1 Sep 2015 08:21:27 +0200
> > Subject: Re: [Samba] Samba AD PDC , LDAP and Single-Sign-On (was: re: Samba Internal DNS vs. BIND_DLZ)
> >
> > Hai Jim,
> >
> > What are you looking for?
> > I'm using an SSO for my Zarafa mail server.
> >
> > Greetz,
> >
> > Louis
> >
> > >-----Original Message-----
> > >From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Jim Seymour
> > >Sent: Monday, 31 August 2015 21:21
> > >To: samba at lists.samba.org
> > >Subject: [Samba] Samba AD PDC , LDAP and Single-Sign-On (was: re: Samba Internal DNS vs. BIND_DLZ)
> > >
> > >On Thu, 27 Aug 2015 23:03:39 -0400
> > >Robert Moskowitz <rgm at htt-consult.com> wrote:
> > >
> > >>
> > >> On 08/27/2015 08:45 PM, Jim Seymour wrote:
> > >> > On Thu, 27 Aug 2015 17:00:28 -0400
> > >> > Robert Moskowitz <rgm at htt-consult.com> wrote:
> > >> >
> > >> >> Ah, LDAP is included within Samba, I find.  Don't install provided
> > >> >> one...
> > >[snip]
> > >> >
> > >> > We *require*, not desire, but *require* OpenLDAP.  OpenLDAP is used
> > >> > for, amongst other things, a Corporate email address book and by the
> > >> > RADIUS server.  Eventually the entire set of network directory data
> > >> > that currently resides in and is served by NIS+ will be in LDAP.
> > >>
> > >> This is what runs on your DC.  I suspect you can use slapd to do any
> > >> syncing with OpenLDAP on other machines.
> > >[snip]
> > >
> > >I suspect this is not going in the direction I'd envisioned.
> > >
> > >The Plan was an AD PDC that used OpenLDAP.  That way: OpenLDAP data,
> > >replicated to the mail server, could be used for sign-on there, too.
> > >
> > >Somewhere somebody recently mentioned a single-sign-on doc.  I'll have
> > >to hunt that down and take a look.
> > >
> > >Thanks,
> > >Jim
> > >--
> > >Note: My mail server employs *very* aggressive anti-spam
> > >filtering.  If you reply to this email and your email is
> > >rejected, please accept my apologies and let me know via my
> > >web form at <http://jimsun.LinxNet.com/contact/scform.php>.
> > >
> > >--
> > >To unsubscribe from this list go to the following URL and read the
> > >instructions:  https://lists.samba.org/mailman/options/samba