Author Topic: Joining and authenticating a linux machine to an ebox domain.  (Read 24039 times)

arun

Re: Joining and authenticating a linux machine to an ebox domain.
« Reply #30 on: July 27, 2011, 07:03:30 am »
Dear Christian, it's really great that Zentyal has shown concern for the popular issue.

For me, if you simply help me to complete the document http://doc.zentyal.org/en/pdc-howto.html?highlight=desktop#adding-computers-to-the-pdc
what if / how to, if client is Ubuntu ....

(My motto is to completely switch over to Ubuntu ....)

luuxl

« Reply #31 on: September 06, 2011, 03:47:44 am »
Hi ALL,
Please help me!
I have:
"root@vt-hdg-quantv:~# net join -U itcnvt
Enter itcnvt's password:
Joined domain VT-HDG.COM."
But on this Logon interface, I don't log in with user + pass on eBOX
ex: VT-HDG\itcnvt
????????????????????????????????????

luuxl

« Reply #32 on: September 06, 2011, 03:53:28 am »
Quote
You should be able to join the domain using any account that has been marked "Admin" in eBox.

OK! I did that and I got a message saying "welcome to the domain"!

Now I want to know how do I change the login so that I can login with the domain accounts.

Unless I'm misunderstanding your question, I think all you need to do is create more regular users in eBox who should be able to log onto any PC in the domain.

Hi,
Edit gdm or kdm,
help me please...

ichat

« Reply #33 on: September 06, 2011, 04:00:47 pm »
I need to read all the thread again but till now I'm a bit confused with some of the comments made here.
- What does it mean for Linux client to "join the domain"?
- Linux client side, use of LDAP as back-end for authentication and group membership requires PAM (for the authentication) and NSS to be configured to use LDAP. Notice that this doesn't provide SSO  ;)
- in order for Linux client to benefit from NSS-LDAP, objectclass for POSIX attributes is required (RFC2307bis)
- I don't understand what is the "LDAP related" security issue  :-[

Did you miss this link that already explains how to configure LDAP on Ubuntu...

Question 2: the LDAP security issue is that your connection to LDAP is insecure and doesn't use SSL... any network sniffer could collect all your passwords... especially if you have wifi enabled...

Enabling SSL with slapd would solve this issue rather simply... and that's what is meant when it was said that all tools are there already.
All tips hints and advices are based on my personal experience.
As I try my best to be as accurate as possible, following my advice is always at your own risk,
I claim absolutely NO responsibility in any way!
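
Added example (not part of the thread and not Zentyal's code): a small Python check for the client-side setting discussed in the reply above, flagging pam_ldap/nss_ldap-style configuration that would send binds over plain ldap://. The directive names (uri, ssl start_tls, tls_checkpeer) are assumed from the PADL-style /etc/ldap.conf client file; host names and paths are constructed placeholders.

```python
# Constructed samples in the style of a pam_ldap/nss_ldap client /etc/ldap.conf.
# Host names and paths are placeholders, not values from the thread.
WEAK_CONF = """\
base dc=example,dc=com
uri ldap://zentyal.example.com/
ldap_version 3
"""

HARDENED_CONF = """\
base dc=example,dc=com
uri ldaps://zentyal.example.com/
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
"""


def parse_conf(text):
    """Map each lowercased directive to its last value, skipping comments and blanks."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts[parts[0].lower()] = parts[1].strip()
    return opts


def audit_conf(text):
    """Return findings for settings that expose bind passwords on the wire."""
    opts = parse_conf(text)
    start_tls = opts.get("ssl", "off").lower() == "start_tls"
    tls_used = start_tls
    findings = []
    for uri in opts.get("uri", "").split():  # a uri line may list several servers
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldaps":
            tls_used = True
        elif scheme == "ldap" and not start_tls:
            findings.append("cleartext: " + uri)
    # TLS without certificate checking still accepts an impostor server on the path.
    if tls_used and opts.get("tls_checkpeer", "").lower() == "no":
        findings.append("unverified-cert: tls_checkpeer no")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_conf(conf) or "ok")
```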

christian

  • Guest
« Reply #34 on: September 06, 2011, 04:15:59 pm »
Thank you for the link ;)
Joke aside, I know this, at least enough to deploy it worldwide for a (very) large company because I did it already ;)

I fully share that the lack of default LDAPS is a concern because of base64. I believe that the reason for such a design is that LDAP, at least at the beginning, was not designed to be accessible outside of the Zentyal box. Remember that the default FW rules are not opening the LDAP protocol. So I suspect this "bug" is inherited from this initial "all in one box" concept.

This doesn't prevent Zentyal from improving it. One more entry in the request features section? :D
« Last Edit: September 06, 2011, 04:26:41 pm by christian »

jsalamero

  • Zentyal Staff
« Reply #35 on: September 11, 2011, 10:54:58 pm »
Yes, we will try to add LDAPS support, and also in ADsync too.