[Samba] Linux desktop setup with authentication against Samba AD DC
Kris Lou
klou at themusiclink.net
Mon Dec 2 17:18:33 UTC 2024
Late to the party (Holiday weekend stateside), but been following.
Thanks for doing this -- I did something similar a long time ago with some
rpi4's, using a mix of Openbox, Fluxbox, and SSSD (auth only, local
profiles only). But it was somewhat fragile.
It's been on my todo for quite a while to convert a number of clients to a
more out-of-box Debian, so it's good to see an implementation with more
modern tooling.
Kris Lou
klou at themusiclink.net
On Mon, Dec 2, 2024 at 1:30 AM Peter Milesson via samba <
samba at lists.samba.org> wrote:
>
> On 12/2/24 10:07, Rowland Penny via samba wrote:
> > On Sun, 1 Dec 2024 15:30:46 +0100
> > Peter Milesson via samba <samba at lists.samba.org> wrote:
> >
> >>
> >>
> >> On 01.12.2024 15:14, Rowland Penny via samba wrote:
> >>> On Sat, 30 Nov 2024 19:23:26 +0000
> >>> Rowland Penny via samba <samba at lists.samba.org> wrote:
> >>>
> >>>> On Sat, 30 Nov 2024 19:03:04 +0100
> >>>> Peter Milesson via samba <samba at lists.samba.org> wrote:
> >>>>
> >>>>> Hi Rowland,
> >>>>>
> >>>>> I haven't a deep knowledge of what packages are sufficient, and
> >>>>> which ones are superfluous. I will test the setup without
> >>>>> libpam-krb5.
> >>>>>
> >>>>> About the wiki page, it's Archlinux' AD integration page on
> >>>>> https://wiki.archlinux.org/title/Active_Directory_integration. I
> >>>>> really didn't follow it, and used what I set up on Debian instead.
> >>>>> The Archlinux pam_winbind.conf example will probably break most
> >>>>> kerberized applications, as the place of the Kerberos ticket cache
> >>>>> is non standard. It would be necessary to configure all
> >>>>> applications using cached Kerberos tickets in that case. Even
> >>>>> Archlinux puts the Kerberos ticket cache in /tmp default.
> >>>>> Defaults are there for some reason...
> >>>> Based on what I have been using on Debian for quite some time, I
> >>>> cannot recommend following the Arch Linux wiki page, there are just
> >>>> too many apparent problems.
> >>>>
> >>>> I was going to attempt to use Rocky Linux 9 as client, but
> >>>> pam_mount appears to be only available from EPEL and I cannot
> >>>> easily find hxtools. It appears that redhat is moving away from
> >>>> the desktop and concentrating on servers.
> >>>>
> >>>> Rowland
> >>>>
> >>>>
> >>> Well, the next test was a failure, not in the mount, but in
> >>> usability. Attempting to mount the users desktop on a Debian 12
> >>> Unix domain member with the MATE DE worked up to a point. It mounts
> >>> the directory, but mate-panel keeps segfaulting, the two panels
> >>> keep disappearing and reappearing, and trying to click on anything
> >>> on the panels (when they are visible) is futile.
> >>>
> >>> Lets try the gnome desktop.
> >>>
> >>> Rowland
> >>>
> >>>
> >> Hi Rowland,
> >>
> >> The LXDE desktop works 100%. I haven't used the Mate desktop for many
> >> years, compiled it for Slackware 14.2 the last time, and what I
> >> remember, it was not straight sailing, but worked in the end. I'm not
> >> a great friend of Gnome, so I let be. Maybe I will try KDE, but
> >> that's not a priority. I will however, try LXQt. I use Qt Creator for
> >> programming, so most of the Qt base packages should already be there.
> >>
> >> Good luck with Gnome!
> >>
> >> Peter
> > So, it works with Gnome.
> > It appears that, provided all the required packages can be installed,
> > it will probably work on any distro, I cannot test them all ;-)
> >
> > Rowland
> >
> >
> >
> Oh, c'mon Rowland (^_^)
>
> I'm going to start duplicating from a master image. Let's see what
> surprises I get from UEFI...
>
> Peter
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list