On May 11, 2012 9:30 PM, "Brian Kroth" <bpkroth@×××××.com> wrote:
>
> Pandu Poluan <pandu@××××××.info> 2012-05-11 10:36:
>
>> Hello list,
>>
>> I just want to know, what is your recommendation(s) to implement Active
>> Directory authentication on Gentoo?
>
>
> Attribute data can be stored/retrieved in ldaps (as in AD usually only
> allows authenticated binds to retrieve data and it requires an ssl
> connection to do that, other than that it's really just ldap).
>
> Authentication can be done either via ldaps or kerberos, though I
> personally find the latter to be extra complication that's usually
> unnecessary.
>
> As someone else mentioned, there's a wealth of data out there on how to
> do this in any number of schemes (eg: libnss-ldap, libpam-ldap, sssd, etc.).
>
>
>> I want to use AD not only for logins, but also for running
>> daemons/services.
>
>
> I don't see the distinction. Either way it seems you're concerned with
> authenticating users and doing attribute lookups on them.
>
>
>> *Ideally*, it would also allow me to manage my boxen using GPO, but I can
>> live without that.
>
>
> I'm not personally aware of anything that does that. If there is, it's
> probably something like redhat/suse specific.
>
> However, I believe it is possible to use a samba4 host as a domain
> controller to serve GPs to windows clients.
>

PowerBroker (née Likewise) claims that it can manage Linux boxen via GPO...

... but in my case I think I'll just force my subordinates to learn puppet
*heh*heh*

Rgds,