Language:
switch to room list switch to menu My folders
Go to page: First ... 83 84 85 86 [87] 88 89 90 91 ... Last
[#] Mon Oct 01 2012 17:33:48 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I'm wondering if anyone has ever configured Samba with a tdbsam backend and *not* written a HOWTO about it? Geez, how many people can write the same damn article...

[#] Mon Oct 01 2012 18:09:31 EDT from the_mgt @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I wrote this about Samba4 http://en.gentoo-wiki.com/wiki/Samba4_as_Active_Directory_Server if you like something different. That's basically the AD system I am using with citadel. They also have a release candidate for Samba4 out there. Not alpha, not beta, but real rc! My system is basically the same since alpha11, but there are only about 5 machines in the domain.



[#] Mon Oct 01 2012 19:44:02 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Not looking to set one up at all, actually. I simply noticed this article appearing over and over again by dozens of different authors. Quite frankly, if you need an Active Directory server, you've already failed.

[#] Tue Oct 02 2012 02:06:08 EDT from the_mgt @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

You might be right there, but on the other hand, actually seting up SSO stuff in linux manually is a bit of pain. Samba  does a pretty good job here, I either use kerberos tickets (for things like libvirt) or the ldap user for manually entering usernames and passwords across almost all of my local services: trac, apache, dokuwiki, citadel, windows vms, etc. In theory, spnego should work with firefox plugins or IE, but I do not use either of them.



[#] Tue Oct 02 2012 13:24:56 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]


The trouble with SSO is that there are so many standards to choose from. LDAP has seen wide adoption, but it is user-hostile if you have any sort of password expiration configured - there are no diagnostic messages. LDAP doesn't do web-based single signon at all so we end up with two different authentication systems that must be synchronized, manually or via a scheduled task. We are using Google Apps OpenID auth for SSO to some of our web-based stuff--not too hard to implement via Spring Security, but does take some custom code.

[#] Thu Oct 04 2012 08:36:34 EDT from the_mgt @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I agree about the password expiration stuff, but I guess that is not a direct fault of LDAP as a method, more of the implementations. As far as my expiriences go, almost all externally authed services have totally useless error messages. "Wrong password" can mean anything from "I misparsed your special chars", "The LDAP Server is down", "I was just too stupid to look up your user but I do not dare tell you." to "Lizards are forcing me to keep you logged out."

What I do not get is your remark about SSO and website stuff: Are you referring to the seamless login you can have with IE on Microsoft products? I agree partly, but with Samba4 using LDAP and Kerberos, you should be able to overcome these problems with a certain Firefox plugin. I think there is also something for Apache and at least dokuwiki would be able to handle this. I think thats SPNEGO.



[#] Thu Oct 04 2012 12:34:26 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]


Yeah, it's definitely the lizards' interference in most cases.

As for web-based SSO, this may be a concern that is somewhat unique to companies like mine: many of our tools, ranging from JIRA to Google Apps, are actually SaaS apps that are hosted "in the cloud" or by someone else. As such, we want to be able to log in to Google Apps once, with our browser, and get access to all our other apps as well. You are not going to accomplish this easily with LDAP, and you are not going to accomplish it at all with Kerberos.

SSO here is not the same thing as password synchronization. If everything is talking to the same LDAP, but I still have to enter the same password multiple times a day, that's not SSO.

[#] Thu Oct 04 2012 16:15:53 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

For hosted apps that are unwilling to reach out to a non-hosted LDAP endpoint for authentication, the very least they should be willing to do is support OpenID. Then you could expose an OpenID endpoint that is authenticated against your LDAP. Yes, you'd have to type your password again, but at least you're not maintaining a separate password.

[#] Fri Oct 05 2012 14:00:57 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]


If your organization's email domain is hosted on Google Apps (branded gmail, basically) then you'll find that the pinheads in charge want the central point of configuration for your SSO to be... Google Apps. (They implement an embrace-and-extend'd version of OpenID.) You could point Google Apps at your SSO provider using SAML, but this doesn't address POP3 login to gmail, etc. So you end up in cron-job based synchronization.

[#] Thu Oct 18 2012 19:55:09 EDT from the_mgt @ Uncensored

Subject: Migrating from tdbsam to ldap

[Reply] [ReplyQuoted] [Headers] [Print]

How do I most painlessly migrate users from tdbsam to openldap based authing in samba? I searched the web, but most guides seem to be from around 2005. Did one of you ever do something like this? Did it work out? Did you suffer while trying? The closest thing I found is http://nickportertech.blogspot.de/2008_05_01_archive.html which itself names tools hinting to https://gna.org/projects/smbldap-tools/ 

I will be switching distros at the same time, so I will not really operate on a live system



[#] Thu Oct 25 2012 20:18:41 EDT from zooer @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I think I might move back to Ubuntu, I am tired of waiting for Debian to catch up and Fedora just isn't working right.

[#] Sun Oct 28 2012 11:52:15 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Which version of Debian are you using? 'stable' is the equivalent of Ubuntu's 'LTS', while 'testing' is quite stable and has up-to-date versions of most packages.

[#] Sun Oct 28 2012 15:13:48 EDT from zooer @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I am not using Debian, the latest they had on their webpage was 6.x, which had older versions of everything. I wasn't impressed and I did
not try the testing. I was using Fedora 17, which seems to have a lot of odd problems. Fedora is still installed but I tri-boot and I am
back with Ubuntu 10.4. I was going to go with Ubuntu or Xubuntu 12.4 when I felt like installing it.

[#] Wed Oct 31 2012 09:45:53 EDT from the_mgt @ Uncensored

Subject: Crossover Office for free, today only

[Reply] [ReplyQuoted] [Headers] [Print]

[#] Wed Oct 31 2012 10:37:39 EDT from Freakdog @ Dog Pound BBS II

Subject: Re: Crossover Office for free, today only

[Reply] [ReplyQuoted] [Headers] [Print]

Interesting.

I used to be a Crossover Office user...but I didn't wind up really needing it for much, and then the few things for which I did need Windows, I wound up going with WinXP in a VirtualBox VM.



[#] Wed Oct 31 2012 12:37:02 EDT from timthetortoise @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

 

Sun Oct 28 2012 15:13:48 EDT from zooer @ Uncensored
I am not using Debian, the latest they had on their webpage was 6.x, which had older versions of everything. I wasn't impressed and I did
not try the testing. I was using Fedora 17, which seems to have a lot of odd problems. Fedora is still installed but I tri-boot and I am
back with Ubuntu 10.4. I was going to go with Ubuntu or Xubuntu 12.4 when I felt like installing it.

You realize that wheezy has the newer packages that you're looking for, right? Debian is, by default, built for stability by using packages that have been tested over long periods of time. If you want newer ones, vi /etc/apt/sources.list, :%s/squeeze/wheezy/g, apt-get update, apt-get dist-upgrade. Shiny new packages.



[#] Wed Oct 31 2012 15:25:29 EDT from zooer @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Yes, but I would like to get the stable release when it is released.

[#] Wed Oct 31 2012 15:38:45 EDT from timthetortoise @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Stable is considered "stable" because it's been tested over a long period of time. If you're using Ubuntu, you're already using Debian's "testing" packages. They're targeted toward different markets - Debian towards servers, Ubuntu towards end-users. If you're looking for a happy medium, try Xubuntu. Wonderful XFCE interface that replaces Unity, and very much Debian-like in actual use (but with Ubuntu base, of course). Or just use wheezy sources in Debian. I'm running wheezy on 3 servers at work, and haven't had a single issue so far. Stable is most stable, testing is stuff in testing for the next stable, unstable is bleeding-edge.



[#] Wed Oct 31 2012 19:40:54 EDT from the_mgt @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Thats the thing I never understood about debian. Nobody uses stable because it is from the stone age. If I want "stable and tested" on a production server, I go to centos or another RHEL derivate,  becaue of the longer support time for example.

For a desktop, I would give Sabayon or Arch a try, maybe even Zenwalk.

In general, I need to test SuSE again, I liked it before I switched to Gentoo, 



[#] Thu Nov 01 2012 00:04:33 EDT from dowdle @ Uncensored

Subject: Fedora not working right?

[Reply] [ReplyQuoted] [Headers] [Print]

What about Fedora isn't working right?

I've been working on my Fedora 18-based remix and it is coming along fine.

-- 
TYL, Scott Dowdle - Belgrade, Montana



Go to page: First ... 83 84 85 86 [87] 88 89 90 91 ... Last