samba - Dec 2024 - Linux desktop setup with authentication against Samba AD DC

On Sun, 1 Dec 2024 15:30:46 +0100
Peter Milesson via samba <samba at lists.samba.org> wrote:
> 
> 
> 
> On 01.12.2024 15:14, Rowland Penny via samba wrote:
> > On Sat, 30 Nov 2024 19:23:26 +0000
> > Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> >> On Sat, 30 Nov 2024 19:03:04 +0100
> >> Peter Milesson via samba <samba at lists.samba.org> wrote:
> >>
> >>> Hi Rowland,
> >>>
> >>> I haven't a deep knowledge of what packages are
sufficient, and
> >>> which ones are superfluous. I will test the setup without
> >>> libpam-krb5.
> >>>
> >>> About the wiki page, it's Archlinux' AD integration
page on
> >>> https://wiki.archlinux.org/title/Active_Directory_integration.
I
> >>> really didn't follow it, and used what I set up on Debian
instead.
> >>> The Archlinux pam_winbind.conf example will probably break
most
> >>> kerberized applications, as the place of the Kerberos ticket
cache
> >>> is non standard. It would be necessary to configure all
> >>> applications using cached Kerberos tickets in that case. Even
> >>> Archlinux puts the Kerberos ticket cache in /tmp default.
> >>> Defaults are there for some reason...
> >> Based on what I have been using on Debian for quite some time, I
> >> cannot recommend following the Arch Linux wiki page, there are
just
> >> too many apparent problems.
> >>
> >> I was going to attempt to use Rocky Linux 9 as client, but
> >> pam_mount appears to be only available from EPEL and I cannot
> >> easily find hxtools. It appears that redhat is moving away from
> >> the desktop and concentrating on servers.
> >>
> >> Rowland
> >>   
> >>
> > Well, the next test was a failure, not in the mount, but in
> > usability. Attempting to mount the users desktop on a Debian 12
> > Unix domain member with the MATE DE worked up to a point. It mounts
> > the directory, but mate-panel keeps segfaulting, the two panels
> > keep disappearing and reappearing, and trying to click on anything
> > on the panels (when they are visible) is futile.
> >
> > Lets try the gnome desktop.
> >
> > Rowland
> >   
> >
> Hi Rowland,
> 
> The LXDE desktop works 100%. I haven't used the Mate desktop for many 
> years, compiled it for Slackware 14.2 the last time, and what I 
> remember, it was not straight sailing, but worked in the end. I'm not
> a great friend of Gnome, so I let be. Maybe I will try KDE, but
> that's not a priority. I will however, try LXQt. I use Qt Creator for
> programming, so most of the Qt base packages should already be there.
> 
> Good luck with Gnome!
> 
> Peter
So, it works with Gnome.
It appears that, provided all the required packages can be installed,
it will probably work on any distro, I cannot test them all ;-)

Rowland

On 12/2/24 10:07, Rowland Penny via samba wrote:
> On Sun, 1 Dec 2024 15:30:46 +0100
> Peter Milesson via samba <samba at lists.samba.org> wrote:
>
>>
>>
>> On 01.12.2024 15:14, Rowland Penny via samba wrote:
>>> On Sat, 30 Nov 2024 19:23:26 +0000
>>> Rowland Penny via samba <samba at lists.samba.org> wrote:
>>>
>>>> On Sat, 30 Nov 2024 19:03:04 +0100
>>>> Peter Milesson via samba <samba at lists.samba.org>
wrote:
>>>>
>>>>> Hi Rowland,
>>>>>
>>>>> I haven't a deep knowledge of what packages are
sufficient, and
>>>>> which ones are superfluous. I will test the setup without
>>>>> libpam-krb5.
>>>>>
>>>>> About the wiki page, it's Archlinux' AD integration
page on
>>>>>
https://wiki.archlinux.org/title/Active_Directory_integration. I
>>>>> really didn't follow it, and used what I set up on
Debian instead.
>>>>> The Archlinux pam_winbind.conf example will probably break
most
>>>>> kerberized applications, as the place of the Kerberos
ticket cache
>>>>> is non standard. It would be necessary to configure all
>>>>> applications using cached Kerberos tickets in that case.
Even
>>>>> Archlinux puts the Kerberos ticket cache in /tmp default.
>>>>> Defaults are there for some reason...
>>>> Based on what I have been using on Debian for quite some time,
I
>>>> cannot recommend following the Arch Linux wiki page, there are
just
>>>> too many apparent problems.
>>>>
>>>> I was going to attempt to use Rocky Linux 9 as client, but
>>>> pam_mount appears to be only available from EPEL and I cannot
>>>> easily find hxtools. It appears that redhat is moving away from
>>>> the desktop and concentrating on servers.
>>>>
>>>> Rowland
>>>>    
>>>>
>>> Well, the next test was a failure, not in the mount, but in
>>> usability. Attempting to mount the users desktop on a Debian 12
>>> Unix domain member with the MATE DE worked up to a point. It mounts
>>> the directory, but mate-panel keeps segfaulting, the two panels
>>> keep disappearing and reappearing, and trying to click on anything
>>> on the panels (when they are visible) is futile.
>>>
>>> Lets try the gnome desktop.
>>>
>>> Rowland
>>>    
>>>
>> Hi Rowland,
>>
>> The LXDE desktop works 100%. I haven't used the Mate desktop for
many
>> years, compiled it for Slackware 14.2 the last time, and what I
>> remember, it was not straight sailing, but worked in the end. I'm
not
>> a great friend of Gnome, so I let be. Maybe I will try KDE, but
>> that's not a priority. I will however, try LXQt. I use Qt Creator
for
>> programming, so most of the Qt base packages should already be there.
>>
>> Good luck with Gnome!
>>
>> Peter
> So, it works with Gnome.
> It appears that, provided all the required packages can be installed,
> it will probably work on any distro, I cannot test them all ;-)
>
> Rowland
>
>
>
Oh, c'mon Rowland (^_^)

I'm going to start duplicating from a master image. Let's see what 
surprises I get from UEFI...

Peter