On Thu, 2012-07-12 at 13:22 +0200, Quinn Plattel wrote:
> Hi,
>
> I think it is great that samba4 has a single sign on solution for Windows
> platforms and it seems to work well too, but I am wondering is it possible
> to do the same for a Linux environment? I have been studying how to
> implement single sign on using the Ubuntu way through this document:
> https://help.ubuntu.com/community/SingleSignOn and I am wondering if I can
> do the same with samba4 where the samba4 just replaces openldap and the
> kerberos server components.
>
> On a Windows client, you can login as a user through active directory even
> though that user is not defined locally on the client. Can you do the same
> in a Linux environment? I have done some testing and the results so far
> look as if it is not quite there yet. For example, if I ssh to a machine
> using kerberos credentials, I cannot ssh to it without having a local account
> defined on that machine. Does a kerberos/ldap solution solve that kind of
> problem?

We recommend and support joining Samba as a domain member to Samba4 for
these situations. This will handle doing a login with kerberos,
including a local kerberos ticket etc, providing the account via nss and
everything else. The server can be Samba4 or Microsoft's AD.

You may be interested in idmap_ad as an IDMAP module on the clients.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
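
A domain-member client configuration of the kind the reply recommends, as an added example that is not part of the original message or the Samba project's own documentation. The domain name EXAMPLE, the realm EXAMPLE.COM, the ID ranges and the template values are assumptions.

```ini
# /etc/samba/smb.conf on the Linux client (domain member), constructed example.
# EXAMPLE and EXAMPLE.COM are placeholder domain and realm names.
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    # Run as an Active Directory domain member; logins are verified with Kerberos.
    security = ads
    # Keep the machine account key in the system keytab as well, so that
    # services such as sshd can accept Kerberos tickets.
    kerberos method = secrets and keytab

    # Default mapping for BUILTIN and any other domain: local allocation.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # idmap_ad: read uidNumber/gidNumber (RFC 2307 attributes) from the
    # directory, so every client maps a given user to the same UID.
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : schema_mode = rfc2307
    # The range acts as a filter: accounts whose uidNumber is missing or
    # outside it are not mapped and therefore cannot log in on this client.
    idmap config EXAMPLE : range = 10000-999999
    # Take home directory and login shell from the same attributes.
    winbind nss info = rfc2307

    # Assumed fallbacks for accounts that lack those attributes.
    template shell = /bin/bash
    template homedir = /home/%U

# /etc/nsswitch.conf (a separate file) then lists winbind as an account
# source, which is what removes the need for a local account per user:
#   passwd: files winbind
#   group:  files winbind
```

The client is joined to the domain with `net ads join`, and winbindd must be running before NSS lookups resolve domain accounts.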
