Re: [DNG] Implementing directory services/Kerberos

2018-09-03 Thread hal
On September 2, 2018 7:34:50 PM CDT, wirelessd...@gmail.com wrote:
:: I’m looking to set up some sort of directory services/network
:: authentication for users on a small corporate network running Devuan
:: Ascii. Is it recommended to use Kerberos+LDAP?
:: 
:: Are there any good tutorials out there for setting this up and
:: explaining how it works? Where do people learn this stuff if they
:: have no one else to learn from on the job?
:: 
:: I have a small amount of experience using Active Directory on a
:: windows network and connecting some Linux servers to that with
:: winbind but no direct experience in managing LDAP or Kerberos
:: directly.
:: 
:: I have also taken a look at FusionDirectory and it looks relatively
:: simple to use. Does anyone have experience/advice with this or other
:: management interfaces? Implementing plain OpenLDAP and Kerberos
:: directly looked incredibly complex and confusing when I attempted to
:: read some of their documentation a while back.
:: 
:: Thanks
:: 
:: —Tom
:: ___
:: Dng mailing list
:: Dng@lists.dyne.org
:: https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

I've used this[1] setup when user accounts are in AD and I want to auth users in 
Linux via PAM. You need a service account in AD that the saslauthd daemon can 
use to handle the password traffic and then provision all your user accounts in 
openldap.

This works without needing samba, or SSSD, or Kerberos. Additionally, if AD 
falls over for some reason, you just change the userPassword attribute in 
openldap from {SASL}user@realm, to a bona fide {SSHA}gobbledeegook and users can 
auth again.

[1] 
https://blogs.msdn.microsoft.com/alextch/2012/04/25/configuring-openldap-pass-through-authentication-to-active-directory/


Re: [DNG] DNG] Migrate from Debian Wheezy to Devuan ASCII

2018-09-03 Thread Hendrik Boom
On Mon, Sep 03, 2018 at 10:40:01AM +0200, Stephane Ascoet wrote:
> > And when you go wheezy->jessie->ascii, you'll end up with a lot of "undead" 
> > packages without upgrade candidate or things you put on hold ages ago
> 
> Hi, what? Anyway this should happen then with everyone upgrading years after
> years...

It does.  I keep finding things on my server (which has been regularly 
upgraded since at least sarge) that I wonder why they are there.  
Occasionally one is useful.  Usually not. 

-- hendrik


Re: [DNG] DNG] Migrate from Debian Wheezy to Devuan ASCII

2018-09-03 Thread Stephane Ascoet

And when you go wheezy->jessie->ascii, you'll end up with a lot of "undead" 
packages without upgrade candidate or things you put on hold ages ago


Hi, what? Anyway this should happen then with everyone upgrading years 
after years...


--
Sincerely, Stephane Ascoet



Re: [DNG] Implementing directory services/Kerberos

2018-09-03 Thread Rowland Penny
On Mon, 3 Sep 2018 10:34:50 +1000
wirelessd...@gmail.com wrote:

> I’m looking to set up some sort of directory services/network
> authentication for users on a small corporate network running Devuan
> Ascii. Is it recommended to use Kerberos+LDAP?
> 
> Are there any good tutorials out there for setting this up and
> explaining how it works? Where do people learn this stuff if they
> have no one else to learn from on the job?
> 
> I have a small amount of experience using Active Directory on a
> windows network and connecting some Linux servers to that with
> winbind but no direct experience in managing LDAP or Kerberos
> directly.
> 
> I have also taken a look at FusionDirectory and it looks relatively
> simple to use. Does anyone have experience/advice with this or other
> management interfaces? Implementing plain OpenLDAP and Kerberos
> directly looked incredibly complex and confusing when I attempted to
> read some of their documentation a while back.
> 
> Thanks
> 
> —Tom

Seeing as you have some experience with Active Directory, why not use
Active Directory, but not from Windows, from Samba.

Try having a look here:

https://wiki.samba.org/index.php/Main_Page

Rowland