On September 2, 2018 7:34:50 PM CDT, wirelessd...@gmail.com wrote:
:: I’m looking to set up some sort of directory services/network
:: authentication for users on a small corporate network running Devuan
:: Ascii. Is it recommended to use Kerberos+LDAP?
::
:: Are there any good tutorials out there for setting this up and
:: explaining how it works? Where do people learn this stuff if they
:: have no one else to learn from on the job?
::
:: I have a small amount of experience using Active Directory on a
:: Windows network and connecting some Linux servers to that with
:: winbind but no direct experience in managing LDAP or Kerberos
:: directly.
::
:: I have also taken a look at FusionDirectory and it looks relatively
:: simple to use. Does anyone have experience/advice with this or other
:: management interfaces? Implementing plain OpenLDAP and Kerberos
:: directly looked incredibly complex and confusing when I attempted to
:: read some of their documentation a while back.
::
:: Thanks
::
:: —Tom
:: _______________________________________________
:: Dng mailing list
:: Dng@lists.dyne.org
:: https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

I've used this[1] setup when user accounts are in AD and I want to auth users in Linux via PAM. You need a service account in AD that the saslauthd daemon can use to handle the password traffic and then provision all your user accounts in OpenLDAP. This works without needing Samba, or SSSD, or Kerberos.

Additionally, if AD falls over for some reason, you just change the userPassword attribute in OpenLDAP from {SASL}user@realm to a bona fide {SSHA}gobbledeegook and users can auth again.

[1] https://blogs.msdn.microsoft.com/alextch/2012/04/25/configuring-openldap-pass-through-authentication-to-active-directory/