Hi Mike,

Sounds really good. Any test in debian-edu? I'll begin a round of tests for Guadalinex (GECOS version), and want to know if a user logged in with sssd could easily access a kerberized CUPS and Samba4.

2012/11/2 Mike Gabriel <[email protected]>

> Hi D-E developers,
>
> cross-posting this piece of information to the d-e ML.
>
> Mike
>
> ----- Forwarded message from [email protected] -----
>     Date: Fri, 21 Sep 2012 16:25:23 -0400
>     From: Stéphane Graber <[email protected]>
>  Subject: Samba4 and SSSD
>       To: Edubuntu Developers <[email protected]>
>
> Hello,
>
> At last UDS Jonathan gave me a work item to investigate the current
> state of samba4 and sssd in Ubuntu 12.10.
>
> I spent a bit of time the past two days looking at that and doing a
> bunch of backports (in a PPA for now) for 12.04.
>
> samba4 in Ubuntu 12.10 looks pretty good, it's relatively easy to
> deploy, if you're lucky, debconf will even do the right thing.
> Otherwise, just remove /etc/samba/smb.conf and call
> /usr/share/samba/setup/provision manually.
>
> Managing samba4 is reasonably easy with the samba-tool command shipped
> with samba4. If you need more advanced configuration, the easiest is to
> use a Windows machine with the active directory remote support tools
> installed.
>
> The easiest way to get Linux clients to work with samba4 is to start by
> creating an unprivileged "binduser" account.
> "samba-tool user add binduser" will do that for you.
>
> Then on the client side, install sssd (apt-get install sssd) and write
> something like that in /etc/sssd/sssd.conf:
> ---
> [sssd]
> domains = SAMBA
> services = nss, pam
> config_file_version = 2
> sbus_timeout = 30
> debug_level = 0
>
> [nss]
> default_shell = /bin/bash
>
> [domain/SAMBA]
> enumerate = false
> cache_credentials = true
> fallback_homedir = /home/%u
>
> id_provider = ldap
> auth_provider = krb5
> chpass_provider = krb5
>
> dns_discovery_domain = domain.net
> krb5_realm = DOMAIN.NET
>
> ldap_schema = ad
> ldap_id_mapping = true
> ldap_default_bind_dn = [email protected]
> ldap_default_authtok = password
> ldap_user_gecos = displayName
> ldap_force_upper_case_realm = true
> ---
>
> As you can see, this relies on dns_discovery to find the server. If you
> don't have all the right records in your DNS, you should be able to get
> around that by also adding:
> ldap_uri = ldaps://<ip>
> krb5_server = <ip>
>
> And then remove dns_discovery_domain.
>
>
> I'm still working on getting Edubuntu Server into a nice shape so we can
> try and ship it in Edubuntu 13.04 which will include a working samba4
> server and an easy way to configure clients.
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
> ----- End of forwarded message -----
>
> --
>
> DAS-NETZWERKTEAM
> mike gabriel, rothenstein 5, 24214 neudorf-bornstein
> fon: +49 (1520) 1976 148
>
> GnuPG Key ID 0x25771B31
> mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
>
> freeBusy:
> https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

--
Alejandro Escanero Blanco
Open source systems consultant
FusionDirectory developer (http://www.fusiondirectory.org)
Blog: http://www.disasterproject.com
Jabber: [email protected]
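
The sssd.conf in the quoted message keeps the bind account's password in the file itself (ldap_default_authtok), so that file is worth auditing before it is copied to clients. The Python check below is an added example, not part of the original thread or of SSSD; the sample config is constructed, and treating an absent ldap_id_use_start_tls as "off" is an assumption.

```python
import configparser

# Constructed sample modelled on the [domain/SAMBA] section quoted in the thread;
# the bind DN, password and server address are placeholders.
SAMPLE_CONF = """\
[sssd]
domains = SAMBA
config_file_version = 2

[domain/SAMBA]
id_provider = ldap
auth_provider = krb5
ldap_schema = ad
ldap_default_bind_dn = binduser@example.invalid
ldap_default_authtok = password
ldap_uri = ldap://192.0.2.10
"""

def audit_sssd_conf(text, file_mode=None):
    """Return a list of (section, finding) tuples for an sssd.conf body."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    # The file holds the bind secret, so any group/other permission bit is a finding.
    if file_mode is not None and file_mode & 0o077:
        findings.append(("file", "mode %04o grants group/other access" % file_mode))
    names = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",") if d.strip()]
    for name in names:
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append((section, "listed in domains but not defined"))
            continue
        dom = cp[section]
        # ldap_default_authtok_type defaults to "password", i.e. cleartext in the file.
        tok_type = dom.get("ldap_default_authtok_type", "password")
        if "ldap_default_authtok" in dom and tok_type == "password":
            findings.append((section, "bind password stored in cleartext"))
        # Assumption: an absent ldap_id_use_start_tls means StartTLS is off.
        tls = dom.get("ldap_id_use_start_tls", "false").lower() == "true"
        for uri in dom.get("ldap_uri", "").split(","):
            if uri.strip().lower().startswith("ldap://") and not tls:
                findings.append((section, "ldap:// without StartTLS: " + uri.strip()))
        if dom.get("ldap_tls_reqcert", "hard").lower() in ("never", "allow"):
            findings.append((section, "server certificate is not enforced"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_sssd_conf(SAMPLE_CONF, file_mode=0o644):
        print(section + ": " + finding)
```

On a client, pass the real file's contents and `stat.S_IMODE(os.stat(path).st_mode)` as `file_mode`.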

