On Wed, Sep 03, 2008 at 04:23:35PM +0200, Roger Oberholtzer wrote:
Is there any documentation (openSUSE 11.0) on the scope of where you can do logins authenticated with a Windows Active Directory server?
There is a white paper with a focus on SUSE Linux Enterprise 10 and how much effort we put into Active Directory integration. http://www.novell.com/collateral/4622044/4622044.pdf is it. Not sure if it isn't much too high level for your case.
For example, you can log in via KDE, but not via ssh or at the console. Unless I am typing something wrong. I thought the Windows authentication was added to PAM, meaning that anything that uses PAM to authenticate a user would work.
PAM is very flexible in this regard. Please check /etc/pam.d/ and in particular keep an eye on the common-* files.
Also, which file system accesses can be authenticated this way? After you log in, I guess (do not know) that file systems (CIFS/SMB) on other machines that also authenticate in the same domain should be accessible. Without a password prompt?
Applications like konqueror and nautilus using libsmbclient are able to use a Kerberos ticket. We've tested and demonstrated this quite heavily.
How about users not logged in that want to access a local CIFS/SMB share? I would think that they would be prompted and authenticated against the Windows AD.
What is a 'local' share here? Provided by Samba which isn't a member server of Active Directory?
Now that I have the login working, I must do more!
I hope you'll have a lot of fun...

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SuSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
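
A check in the spirit of the advice above to look at /etc/pam.d/ and the common-* files, added here as an example and not part of the original message: it lists the service files whose auth stack never reaches a given module, which is one way a login can work through one service but not another. The sample files are constructed, and `pam_winbind.so` is an assumed module name, since the thread does not name the module in use.

```python
import os
import tempfile

# Constructed sample files, not taken from a real system. pam_winbind.so is an
# assumed module name; the thread does not say which module the setup uses.
SAMPLE = {
    "common-auth": "auth sufficient pam_winbind.so\n"
                   "auth required pam_unix.so use_first_pass\n",
    "xdm": "auth include common-auth\naccount include common-account\n",
    "sshd": "# local stack only\nauth required pam_unix.so\n",
    "login": "auth [success=ok default=die] pam_securetty.so\n"
             "auth include common-auth\n",
}

def auth_modules(service, pam_dir, seen=None):
    """List the modules on a service's auth stack, following include lines."""
    seen = set() if seen is None else seen
    path = os.path.join(pam_dir, service)
    if service in seen or not os.path.isfile(path):
        return []                                   # include loop or missing file
    seen.add(service)
    found = []
    with open(path) as fh:
        for line in fh:
            f = line.split("#", 1)[0].split()       # drop comments, tokenize
            if len(f) >= 2 and f[0] == "@include":  # whole-file include
                found += auth_modules(f[1], pam_dir, seen)
            if len(f) < 3 or f[0].lstrip("-") != "auth":
                continue
            rest = f[1:]
            if rest[0].startswith("["):             # [value=action ...] control
                while len(rest) > 1 and not rest[0].endswith("]"):
                    rest = rest[1:]
            if len(rest) < 2:
                continue
            control, target = rest[0], rest[1]
            if control in ("include", "substack"):
                found += auth_modules(target, pam_dir, seen)
            else:
                found.append(os.path.basename(target))
    return found

def services_without(module, pam_dir):
    """Service files whose auth stack never reaches the given module."""
    return sorted(s for s in os.listdir(pam_dir)
                  if not s.startswith("common-")
                  and module not in auth_modules(s, pam_dir))

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLE.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        return services_without("pam_winbind.so", d)

if __name__ == "__main__":
    print(demo())
```

On a real machine, call `services_without()` with the module your setup uses and `/etc/pam.d` as the directory.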