Mailinglist Archive: opensuse (1606 mails)

Re: [opensuse] Scope of logins via Windows Active Directory account
  • From: Lars Müller <lmuelle@xxxxxxx>
  • Date: Thu, 4 Sep 2008 11:58:51 +0200
  • Message-id: <20080904095851.GB11563@xxxxxxxxxxxxx>
On Wed, Sep 03, 2008 at 04:23:35PM +0200, Roger Oberholtzer wrote:
> Is there any documentation (openSUSE 11.0) on the scope of where you can
> do logins authenticated with a Windows Active Directory server?

There is a white paper with focus on SUSE Linux Enterprise 10 and how
much effort we put into Active Directory integration.

http://www.novell.com/collateral/4622044/4622044.pdf is it. Not sure if
it isn't much too high level for your case.

> For example, you can login via KDE, but not via ssh or at the console.
> Unless I am typing something wrong. I thought the Windows authentication
> was added to PAM, meaning that anything that uses PAM to authenticate a
> user would work.

PAM is very flexible in this regard. Please check /etc/pam.d/ and have
in particular an eye on the common-* files.

> Also, which file system accesses can be authenticated this way? After
> you log in, I guess (do not know) that file systems (CIFS/SMB) on other
> machines that also authenticate in the same domain should be accessible.
> Without a password prompt?

Applications like konqueror and nautilus using libsmbclient are able to
use a Kerberos ticket. We've tested and demonstrated this quite heavily.

> How about users not logged in that want to access a local CIFS/SMB
> share? I would think that they would be prompted and authenticated
> against the Windows AD.

What is a 'local' share here? Provided by Samba which isn't a member
server of Active Directory?

> Now that I have the login working, I must do more!

I hope you'll have a lot of fun...

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SuSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
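
The check of /etc/pam.d/ and the common-* files suggested in the mail above can be scripted. The following is an added example, not part of the original mail or of any SUSE tool: it reports, per PAM service file, whether that service's stack pulls in the shared common-* file, which is where a system-wide authentication module would be configured. The function names and the sample directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail). Function names are hypothetical.

# pam_includes FILE KIND COMMON
# Exit 0 if FILE pulls COMMON into its KIND stack, either as
# "KIND include|substack COMMON" or as a Debian-style "@include COMMON".
pam_includes() {
    awk -v kind="$2" -v common="$3" '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        $1 == "@include" && $2 == common { found = 1 }
        $1 == kind && ($2 == "include" || $2 == "substack") && $3 == common { found = 1 }
        END { exit !found }
    ' "$1"
}

# pam_audit DIR [KIND]
# Print "<service> yes|no" for every service file in DIR (common-* skipped).
pam_audit() {
    dir=$1
    kind=${2:-auth}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in common-*) continue ;; esac
        if pam_includes "$f" "$kind" "common-$kind"; then
            echo "$name yes"
        else
            echo "$name no"
        fi
    done
}

# pam_demo: run the audit over a constructed directory (not real system files).
pam_demo() {
    d=$(mktemp -d) || return 1
    printf 'auth include common-auth\n' > "$d/sshd"
    printf '#auth include common-auth\nauth required pam_unix.so\n' > "$d/login"
    printf '@include common-auth\n' > "$d/xdm"
    printf 'auth required pam_unix.so\n' > "$d/common-auth"
    pam_audit "$d" auth
    rm -rf "$d"
}

pam_demo
```

On a real system, `pam_audit /etc/pam.d auth` lists the services whose auth stack bypasses common-auth; repeat with `account`, `password` and `session` for the other stacks.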