1 |
Pandu Poluan <pandu@××××××.info> 2012-05-11 10:36: |
2 |
> Hello list, |
3 |
> |
4 |
> I just want to know, what is your recommendation(s) to implement Active |
5 |
> Directory authentication on Gentoo? |
6 |
|
7 |
Attribute data can be stored/retrieved in ldaps (as in AD usually only |
8 |
allows authenticated binds to retrieve data and it requires an ssl |
9 |
connection to do that, other than that it's really just ldap). |
10 |
|
11 |
Authentication can be done either via ldaps or kerberos, though I |
12 |
personally find the later to be extra complication that's usually |
13 |
unnecessary. |
14 |
|
15 |
As someone else mentioned, there's a wealth of data out there on how to |
16 |
do this in any number of schemes (eg: libnss-ldap, libpam-ldap, sssd, |
17 |
etc.). |
18 |
|
19 |
> I want to use AD not only for logins, but also for running |
20 |
> daemons/services. |
21 |
|
22 |
I don't see the distinction. Either way it seems you're concerned with |
23 |
authenticating users and doing attribute lookups on them. |
24 |
|
25 |
> *Ideally*, it would also allow me to manage my boxen using GPO, but I can |
26 |
> live without that. |
27 |
|
28 |
I'm not personally aware of anything that does that. If there is, it's |
29 |
probably something like redhat/suse specific. |
30 |
|
31 |
However, I believe it is possible to use a samba4 host as a domain |
32 |
controller to serve GPs to windows clients. |
33 |
|
34 |
Cheers, |
35 |
Brian |