One other thing...are you modifying the pam.d files directly without using pam-config(8)? If so, IMO, that is probably not a good idea since pam-config tends to clobber manual modifications to the common-{account,auth,password} files and ensures things are properly ordered. -- Later, Darin On Tue, Apr 26, 2016 at 12:16 PM, Darin Perusich <darin@darins.net> wrote:
This looks like a very interesting addition, having battled with configuring nearly all the above on various distros and nearly every version of openSUSE/SUSE since version 9.x. Are you still supporting nss_ldap and pam_ldap, given the PADL code is effictively dead, or has it been removed in favor of SSSD? It also says "single click" for enabling autofs, but it's rarely that easy. Does the module take into account needing to configure autofs_ldap_auth.conf(5) or the various schema object's and attribute's that are defined in /etc/sysconfig/autofs for getting the auto.{master|home|misc} maps?
Personally I'm not a fan of having my Linux/UNIX systems authenticate directly against AD, given the various schema deficiencies and RFC non-compliance. I've always preferred spinning up a couple "real" LDAP servers, shameless plug for ForgeRock's OpenDJ;-), and using Passthru Authentication against AD so users don't need to remember yet another password.
Looking forward to checking this out, thanks for the hard work!
-- Later, Darin
On Tue, Apr 26, 2016 at 10:47 AM, Howard Guo <hguo@suse.com> wrote:
Hello fellow Tumbleweed users.
If you have Windows administration background or have used "authconfig" on other Linux distrubtions, then you might have realised how difficult it is to enroll an openSUSE computer to Microsoft AD or generic LDAP/Kerberos domain - there's no tool to help you.
The situation is about to change soon, although authconfig isn't coming to openSUSE yet, but the latest & comprehensive system authentication configuration editor is coming to Yast, you can track the package progress here: https://build.opensuse.org/request/show/391701
Feature highlights: - Enroll an openSUSE computer to Microsoft AD domain in a three easy point&click steps. - For generic LDAP/Kerberos domain, the simple and intruitive user interface helps entering and validating all essential parameters. - Enable automount for your AutoFS-enabled network via a single click. - The configuration editor is fully compatible with AutoYast, for automated machine provisioning needs.
Enjoy.
Kind regards, Howard -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org