Rowland Penny
2024-Nov-30 19:23 UTC
[Samba] Linux desktop setup with authentication against Samba AD DC
On Sat, 30 Nov 2024 19:03:04 +0100 Peter Milesson via samba <samba at lists.samba.org> wrote:> Hi Rowland, > > I haven't a deep knowledge of what packages are sufficient, and which > ones are superfluous. I will test the setup without libpam-krb5. > > About the wiki page, it's Archlinux' AD integration page on > https://wiki.archlinux.org/title/Active_Directory_integration. I > really didn't follow it, and used what I set up on Debian instead. > The Archlinux pam_winbind.conf example will probably break most > kerberized applications, as the place of the Kerberos ticket cache is > non standard. It would be necessary to configure all applications > using cached Kerberos tickets in that case. Even Archlinux puts the > Kerberos ticket cache in /tmp default. Defaults are there for some > reason...Based on what I have been using on Debian for quite some time, I cannot recommend following the Arch Linux wiki page, there are just too many apparent problems. I was going to attempt to use Rocky Linux 9 as client, but pam_mount appears to be only available from EPEL and I cannot easily find hxtools. It appears that redhat is moving away from the desktop and concentrating on servers. Rowland
Rowland Penny
2024-Dec-01 14:14 UTC
[Samba] Linux desktop setup with authentication against Samba AD DC
On Sat, 30 Nov 2024 19:23:26 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Sat, 30 Nov 2024 19:03:04 +0100 > Peter Milesson via samba <samba at lists.samba.org> wrote: > > > Hi Rowland, > > > > I haven't a deep knowledge of what packages are sufficient, and > > which ones are superfluous. I will test the setup without > > libpam-krb5. > > > > About the wiki page, it's Archlinux' AD integration page on > > https://wiki.archlinux.org/title/Active_Directory_integration. I > > really didn't follow it, and used what I set up on Debian instead. > > The Archlinux pam_winbind.conf example will probably break most > > kerberized applications, as the place of the Kerberos ticket cache > > is non standard. It would be necessary to configure all applications > > using cached Kerberos tickets in that case. Even Archlinux puts the > > Kerberos ticket cache in /tmp default. Defaults are there for some > > reason... > > Based on what I have been using on Debian for quite some time, I > cannot recommend following the Arch Linux wiki page, there are just > too many apparent problems. > > I was going to attempt to use Rocky Linux 9 as client, but pam_mount > appears to be only available from EPEL and I cannot easily find > hxtools. It appears that redhat is moving away from the desktop and > concentrating on servers. > > Rowland > >Well, the next test was a failure, not in the mount, but in usability. Attempting to mount the users desktop on a Debian 12 Unix domain member with the MATE DE worked up to a point. It mounts the directory, but mate-panel keeps segfaulting, the two panels keep disappearing and reappearing, and trying to click on anything on the panels (when they are visible) is futile. Lets try the gnome desktop. Rowland