RE: [opensuse] Re: suse in a windows network (authentication)
For what it's worth, I've never gotten any distribution to communicate well with active directory. I know it can be done and there are many appliances and professionally built server products that work flawlessly.
For what it's worth We have now standardized on Suse servers with samba authenticating to Active Directory for our remote offices. I've been wanting to write a How-to for this, but I need some downtime to do it. But, as always I will try to help anyone who is stuck at a certain point. Cheers, Daniel
That would be fantastic. As a matter of fact what I've often thought of, but don't have talent to write, would be a batch file or something that would generate the necessary information to translate from Windows to Samba, so you don't have to dragged into the competing nomenclature. Please post it to the list or wiki if you get chance Daniel! Thanks, Sander On 11/1/05, Daniel Hatfield <daniel@n8ture4play.org> wrote:
For what it's worth, I've never gotten any distribution to communicate well with active directory. I know it can be done and there are many appliances and professionally built server products that work flawlessly.
For what it's worth We have now standardized on Suse servers with samba authenticating to Active Directory for our remote offices.
I've been wanting to write a How-to for this, but I need some downtime to do it. But, as always I will try to help anyone who is stuck at a certain point.
Cheers, Daniel
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org
On 02/11/05, Daniel Hatfield <daniel@n8ture4play.org> wrote:
For what it's worth, I've never gotten any distribution to communicate well with active directory. I know it can be done and there are many appliances and professionally built server products that work flawlessly.
For what it's worth We have now standardized on Suse servers with samba authenticating to Active Directory for our remote offices.
I've been wanting to write a How-to for this, but I need some downtime to do it. But, as always I will try to help anyone who is stuck at a certain point.
I just recently created the SUSE Interoperability Project (sounds fancy, but at this point it is a wiki page at http://www.opensuse.org/SINTEROP), it is not linked to from anywhere yet. The project goals are to provide tested and documented solutions for SUSE to interoperate in an IT environment dominated by other vendors. Initially focused on SUSE Linux 10.0 in a Microsoft environment. Needless to say, anybody and everybody is not just welcomed but encouraged to contribute, both in terms of howtos but also feedback from using the information in your environment. Peter 'Pflodo' Flodin
that is great news :) I know the microsoft guide linked in the wiki. It contains a lot of useful information but it has one major drawback. ---snip --- Security Configuration By default, Active Directory on Windows Server 2003 does not permit anonymous operations on the LDAP directory other than rootDSE searches. UNIX and Linux computers must be capable of browsing Active Directory to access UNIX Authentication and Authorization data. This data is required before a user logs in to the system. Therefore, the credentials of a domain user cannot be used to bind to Active Directory for searching. There are two main solutions to this problem: • Configure Active Directory to allow anonymous browsing. • Create a special Windows user account that is authorized to browse the Active Directory and then configure the UNIX and Linux operating systems to authenticate to Active Directory as this user. --- snip --- the first "solution" is unacceptable. The second solution requires a locally stored plaintext password file (ldap.secret). A more desireable solution would be to take the user's kerberos credidentials to access the ldap service on the domain controler. Unfortunately this approach is not covered in the guide as far as I can remember :-/ /R. 2005/11/2, Peter Flodin <pflodin@gmail.com>:
I just recently created the SUSE Interoperability Project (sounds fancy, but at this point it is a wiki page at http://www.opensuse.org/SINTEROP), it is not linked to from anywhere yet. The project goals are to provide tested and documented solutions for SUSE to interoperate in an IT environment dominated by other vendors. Initially focused on SUSE Linux 10.0 in a Microsoft environment.
Needless to say, anybody and everybody is not just welcomed but encouraged to contribute, both in terms of howtos but also feedback from using the information in your environment.
Peter 'Pflodo' Flodin
participants (4)
-
Alexander Antoniades -
Daniel Hatfield -
Peter Flodin -
Roman Sommer