Topic: [Solved] Unix/Linux support for joining domain controller?

[trpted]

At https://wiki.contribs.org/Category:Medium I see for Windows 7, 8, 10 - that deal with setting up a domain controller and getting those OSes to join the domain.

Where is there Unix/Linux support?

Thank you

[Stefano]

https://wiki.contribs.org/Client_Authentication

P.S. I saw you posted also in other forums (nethserver, for example).. my troll-o-meter is in orange zone

[DanB35]

You mean this thread wasn't enough to put your troll-o-meter to red?
https://forums.contribs.org/index.php/topic,52409.0.html

[Stefano]

no.. but the next will.. and I'm a moderator <VBEG>

[kb-ohnemus]

BTW, in OpenSuse there is a graphical tool (yast, yet another setup tool) which makes joining the domain as easy as in windows.

[Stefano]

Actually almost all distros have a client/GUI, but 90% of tjem is for AD joining

[kb-ohnemus]

The module integrated in yast is the only one (I know of) working with SME-Server.

[Daniel B.]

Never understood why using samba/winbind with Linux clients when LDAP auth is possible, cleaner, simpler, most likely more secure (and has other advantages like having the same UID/GID on all clients, and on the server). It's also working for offline clients if you use sssd

[kb-ohnemus]

Is it possible to auth clients by ldap now? This was not the case when I started using SME-Server maybe 10 years ago, so I chose winbind.
Also I can't find any wiki pages.

[Daniel B.]

It's possible since SME8. There's no change to be done on SME itself. For the client, here are some pages:

https://wiki.contribs.org/Client_Authentication:Fedora_via_sssd/ldap
https://wiki.contribs.org/Client_Authentication:Centos_via_sssd/ldap
https://wiki.contribs.org/Client_Authentication:Debian_via_sssd/ldap
https://wiki.contribs.org/Client_Authentication:Gentoo_via_sssd/ldap
https://wiki.contribs.org/Client_Authentication:Ubuntu_via_sssd/ldap

The only "difficult" part is to make sure your client can verify SME Server's certificate, but now that Letsencypt can provide valid certificate for free...

[DanB35]

now that Letsencypt can provide valid certificate for free...

...for more information on which, see https://wiki.contribs.org/Letsencrypt (I'd suggest letsencrypt.sh rather than the official client).

[trpted]

P.S. I saw you posted also in other forums (nethserver, for example).. my troll-o-meter is in orange zone

While I can be a troll (annoying sometimes), but I and others learn something in the process. When I say others learn something, I do not mean: Do not feed the troll.

For example of what I mean.

#1 From (third party site) DSLR (dslreports.com) Forums >Broadband Tech > Security > Security > DMZ and portforwarding are equally dangerous?

While he tells people that responding to ping is dangerous, he replys to ping.

b) Note while I meant replies, someone replied with something interesting.

#2 From (third party site) portforward.com -> forum -> Router Specific -> Ping result: We were not able to ping your router the thread started on Tue Oct 15, 2013 at 4:18 pm

Quoting my self

Here are some catches about ping:

a) If the server that you forwarded requires that you reply to ping, well then you must enable responding to ping in the router.

b) If the server that you forwarded does not require that you reply to ping, well that depends on another factor..

As to what that other factor is, I point to the post by nwrickert (DSLR user #1070900) in DSLR (dslreports.com) Forums >Broadband Tech > Security > Security > DMZ and portforwarding are equally dangerous? on 2010-08-21 at 13:53:23.

c) There are certain troubleshooting tools that require that you reply to ping.

For example if you wanted to use the followings tool(s) at DSLR (dslreports.com) -> Tools: Smokeping, Line quality - Ping Test, and for 24x7 Line Monitoring...

#3 If the ports are open but the program/app does not work: I have an odd feeling that with this server, you must reply to ping.

--
Directions if you want to reply to ping..

#1 In the router go to Setup ->  Advanced Setup -> Options

#2 Remove the check mark next to WAN Blocking

#3 Save/Apply

#3 Save/Apply

http://screenshots.portforward.com/routers/Cisco/EPC2425/

Notice the OP's post that the port is open and Bittorrent is not seeding, but after telling that and they did what I told them to do I solved their issue.

[guest22]

Never understood why using samba/winbind with Linux clients when LDAP auth is possible, cleaner, simpler, most likely more secure (and has other advantages like having the same UID/GID on all clients, and on the server). It's also working for offline clients if you use sssd

I never understood why M$ needed to deviate from standard LDAP in the first place and mutilated/crippled their 'LDAP take' on LDAP and call it AD....


ps. I DO understand why they wanted to create a closed eco-system and tie it all together, hence AD ('all your base are belong to us')