Re: [lopsa-tech] Ubuntu and AD

2016-08-10 Thread Yves Dorfsman
One site I worked at used a software, I cannot remember which one, but I'm surprised I only saw one mention of sssd and none of freeIPA. FreeIPA wants to replace AD, but I believe there is a way to configure it to make it have a "trust relationship" with AD, which might work for this (WARNING: I h

Re: [lopsa-tech] Ubuntu and AD

2016-08-09 Thread Smith, David
kthorne ; LOPSA Technical Discussions Subject: Re: [lopsa-tech] Ubuntu and AD We use Likewise/PBIS, and it works well for us: https://www.powerbrokeropen.org/ --Ted On 2016-08-08 16:33, Morgan Blackthorne wrote: > So at $JOB we're running some Ubuntu 14.04 and 16.04 boxes that

Re: [lopsa-tech] Ubuntu and AD

2016-08-09 Thread John Jasen
I personally believe that winbind is only useful if the NIS schema extensions are not loaded into AD, and the AD administrators are unwilling to do so. They used to be part of Services for UNIX (SFU), but it's been a while. On 08/09/2016 03:01 PM, Morgan Blackthorne wrote: > Yeah, we have one box

Re: [lopsa-tech] Ubuntu and AD

2016-08-09 Thread Morgan Blackthorne
Yeah, we have one box set up with winbind right now. It's definitely not how I want to do things. We've had to restart it a few times because it chewed up too many inodes. Not something I want to expand to all of our Linux boxes. On Tue, Aug 9, 2016 at 11:53 AM, David Lang wrote: > On Mon, 8 Aug

Re: [lopsa-tech] Ubuntu and AD

2016-08-09 Thread David Lang
On Mon, 8 Aug 2016, Morgan Blackthorne wrote: So at $JOB we're running some Ubuntu 14.04 and 16.04 boxes that we'd like to integrate with AD authentication. I've previously done this at $JOB-2 with a mix of nss-ldap, sssd, and pam_ldap, but we were supporting a lot of different distributions. W

Re: [lopsa-tech] Ubuntu and AD

2016-08-09 Thread Nick Peelman
We use pam_ldap without issues. We use puppet to manage the config distribution. Caveat: we authenticate against OpenLDAP and not AD. -nick — Nick Peelman n...@peelman.us > On Aug 9, 2016, at 9:32 AM, John Jasen wrote: > > On 08/08/2016 07:33 PM, Morgan Blackthorne wrote: > >> So at $JO

Re: [lopsa-tech] Ubuntu and AD

2016-08-09 Thread John Jasen
On 08/08/2016 07:33 PM, Morgan Blackthorne wrote: > So at $JOB we're running some Ubuntu 14.04 and 16.04 boxes that we'd > like to integrate with AD authentication. I've previously done this at > $JOB-2 with a mix of nss-ldap, sssd, and pam_ldap, but we were > supporting a lot of different distrib

Re: [lopsa-tech] Ubuntu and AD

2016-08-08 Thread Derek Murawsky
This should get you going in no time.
    #!/bin/sh
    cd ~
    wget 'http://download.beyondtrust.com/PBISO/8.3/pbis-open-8.3.0.3287.linux.x86_64.deb.sh'
    bash 'pbis-open-8.3.0.3287.linux.x86_64.deb.sh'
    /opt/pbis/bin/domainjoin-cli join [domain] administrator@[domain]
    # /opt/pbis/bin/config UserDomainPrefi

Re: [lopsa-tech] Ubuntu and AD

2016-08-08 Thread Derek Murawsky
Easy to bypass that by setting the default domain. I'll post a quick setup in a minute. On Aug 8, 2016 8:41 PM, "Morgan Blackthorne" wrote: > So looking at PBIS it looks like the username would be domain\\user over > ssh, is that correct? That seems a little odd, but I'll likely play with > that

Re: [lopsa-tech] Ubuntu and AD

2016-08-08 Thread Morgan Blackthorne
So looking at PBIS it looks like the username would be domain\\user over ssh, is that correct? That seems a little odd, but I'll likely play with that over the next few days. Looks like there's a chef cookbook for that already which should help a bit. On Mon, Aug 8, 2016 at 5:39 PM, Derek Murawsky

Re: [lopsa-tech] Ubuntu and AD

2016-08-08 Thread Derek Murawsky
Don't even try to do it manually. Powerbroker is the way to go. PBIS took a dozen minutes to configure and even gave me Kerberos auth with AD, no extra work. (No passwords/keys, just kerb ticket). On Aug 8, 2016 7:42 PM, "Ted Cabeen" wrote: > We use Likewise/PBIS, and it works well for us: > http

Re: [lopsa-tech] Ubuntu and AD

2016-08-08 Thread Ted Cabeen
We use Likewise/PBIS, and it works well for us: https://www.powerbrokeropen.org/ --Ted On 2016-08-08 16:33, Morgan Blackthorne wrote: So at $JOB we're running some Ubuntu 14.04 and 16.04 boxes that we'd like to integrate with AD authentication. I've previously done this at $JOB-2 with a mix of