On Sat, Jan 11, 2014 at 11:28 AM, John Griessen <j...@industromatic.com>wrote:
> On 01/09/2014 11:25 AM, Bob Miller wrote:
> > maybe this is helpful, maybe not...
> >
> > I built a wiki detailing how to install a full network using samba
> > active directory for ldap authentication. As it pertains to this
> > conversation, it uses lsmb 1.3.33 and apache 2.4 on Debian Jessie.
> >
> > The trick with using my wiki is that it instructs how to build a fully
> > integrated network, so if you want to pull out a standalone install of
> > lsmb you may have to hunt around a bit in pages that come before it,
> > particularly with the postgres configuration. And if you aren't using
> > ldap authentication, you will have to adjust the recipe according to
> > your taste.
> >
> > But in the hope that it is useful you can find the lsmb page here:
> >
> > http://cocnm.computerisms.ca/index.php/Install_Ledgersmb
>
> Thanks! What are the pros and cons of ldap authentication?
> What is the reason for using samba active directory?
>
This is to supplement Bob's discussion, so two quick notes.
1. Long run, I would really like to support Kerberos auth, but I don't yet
have a test network set up for that. Kerberos could also be used to
authenticate against AD/Samba, and would have the advantage of re-using
network logins, as well as mutual authentication (which is a bit more
complicated with LDAP). If any users want Kerberos auth: I am willing to
discount my services significantly to make it happen.
2. For Active Directory, the key reason why folks use it, is that it has
become the de facto way to manage Windows workstations using something
called a "group policy object." This means, effectively, that Windows
workstations are managed by AD and one can roll out software or
configuration changes to groups of workstations this way. You can in fact
authenticate Windows systems against MIT Kerberos domains, though users
with outdated versions may occasionally get heart attacks when changing
passwords (https://support.microsoft.com/kb/276304) but you lose group
policy object support which is the big issue.
--
Best Wishes,
Chris Travers
Efficito: Hosted Accounting and ERP. Robust and Flexible. No vendor
lock-in.
http://www.efficito.com/learn_more.shtml
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Ledger-smb-users mailing list
Ledger-smb-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ledger-smb-users
