[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: a wiki detailing how to install a full network using samba active directory

On Sat, Jan 11, 2014 at 11:28 AM, John Griessen <..hidden..> wrote:
On 01/09/2014 11:25 AM, Bob Miller wrote:
> maybe this is helpful, maybe not...
> I built a wiki detailing how to install a full network using samba
> active directory for ldap authentication.  As it pertains to this
> conversation, it uses lsmb 1.3.33 and apache 2.4 on Debian Jessie.
> The trick with using my wiki is that it instructs how to build a fully
> integrated network, so if you want to pull out a standalone install of
> lsmb you may have to hunt around a bit in pages that come before it,
> particularly with the postgres configuration.  And if you aren't using
> ldap authentication, you will have to adjust the recipe according to
> your taste.
> But in the hope that it is useful you can find the lsmb page here:
> http://cocnm.computerisms.ca/index.php/Install_Ledgersmb

Thanks!  What are the pros and cons of ldap authentication?
What is the reason for using samba active directory?

This is to supplement Bob's discussion, so two quick notes.

1.  Long run, I would really like to support Kerberos auth, but I don't yet have a test network set up for that.  Kerberos could also be used to authenticate against AD/Samba, and would have the advantage of re-using network logins, as well as mutual authentication (which is a bit more complicated with LDAP).  If any users want Kerberos auth: I am willing to discount my services significantly to make it happen.

2.  For Active Directory, the key reason why folks use it, is that it has become the de facto way to manage Windows workstations using something called a "group policy object."  This means, effectively, that Windows workstations are managed by AD and one can roll out software or configuration changes to groups of workstations this way.  You can in fact authenticate Windows systems against MIT Kerberos domains, though users with outdated versions may occasionally get heart attacks when changing passwords (https://support.microsoft.com/kb/276304) but you lose group policy object support which is the big issue.

Best Wishes,
Chris Travers

Efficito:  Hosted Accounting and ERP.  Robust and Flexible.  No vendor lock-in.
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
Ledger-smb-users mailing list