On May 11, 2012 9:30 PM, "Brian Kroth" <bpkr...@gmail.com> wrote:
>
> Pandu Poluan <pa...@poluan.info> 2012-05-11 10:36:
>
>> Hello list,
>>
>> I just want to know, what is your recommendation(s) to implement Active
>> Directory authentication on Gentoo?
>
>
> Attribute data can be stored/retrieved in ldaps (as in AD usually only allows authenticated binds to retrieve data and it requires an ssl connection to do that, other than that it's really just ldap).
>
> Authentication can be done either via ldaps or kerberos, though I personally find the latter to be extra complication that's usually unnecessary.
>
> As someone else mentioned, there's a wealth of data out there on how to do this in any number of schemes (eg: libnss-ldap, libpam-ldap, sssd, etc.).
>
>
>> I want to use AD not only for logins, but also for running
>> daemons/services.
>
>
> I don't see the distinction. Either way it seems you're concerned with authenticating users and doing attribute lookups on them.
>
>
>> *Ideally*, it would also allow me to manage my boxen using GPO, but I can
>> live without that.
>
>
> I'm not personally aware of anything that does that. If there is, it's probably something like redhat/suse specific.
>
> However, I believe it is possible to use a samba4 host as a domain controller to serve GPs to windows clients.
>

PowerBroker (née Likewise) claims that it can manage Linux boxen via GPO...

... but in my case I think I'll just force my subordinates to learn puppet *heh*heh*

Rgds,