Anyone with Kerberos/OpenLDAP experience?
damarrin 7 Dec, 2020
I tried configuring a Kerberos/OpenLDAP server for the organisation I work for a few years back using guides I found online like:

https://help.ubuntu.com/community/SingleSignOn

and I bounced off really hard. Outdated, contradictory info, very complex installation and configuration, the works. I'm not surprised MS has a monopoly with AD.

I'm trying to start with this again and was wondering if anyone over here has any experience or knowledge they can share? A good, up-to-date guide or just general help? I have found a couple of resources I didn't have before so maybe this time I'll have a revelation and be done in 2 hours, but somehow I don't think it'll be that easy...
Julius 7 Dec, 2020
Heh, gaming on Linux...

I also need to look into that soonish (tm) and have been procrastinating on it because of the horror stories on the web. A few months back I actually looked into alternatives, but SAML is hardly better. If you can get away with supporting only OAuth2 / OpenID Connect then that is a modern standard that is indefinitely better.

But I recently came across this very young project that seems super exciting: https://gitlab.com/yaal/canaille

It is basically an LDAP user interface with OAuth2 bridge.
Linas 7 Dec, 2020
I have been recommended https://www.freeipa.org/ by a sysadmin. Haven't looked at it myself yet though.
dorron 7 Dec, 2020
Yep, the lack of a proper AD (with integrated shares and GPO management) competitor in Linux is annoying. It's the only thing I miss in Linux personally along with Photoshop (GIMP and Krita don't cut it for me).

It's about time a proper solution to this sees the light (there are paid semi-solutions, like UCS, but...)

Last edited by dorron on 7 December 2020 at 12:36 pm UTC
Linas 7 Dec, 2020
Quoting: dorron
"the lack of a proper AD (with integrated shares and GPO management) competitor in Linux is annoying."
Depends on what exactly you are trying to achieve, but to manage your Linux machines centrally, you should really take a look at something like Puppet or Ansible.

Authentication can be handled via Samba and PAM if you need to integrate with Active Directory.
Arehandoro 7 Dec, 2020
Quoting: Linas
"I have been recommended https://www.freeipa.org/ by a sysadmin. Haven't looked at it myself yet though."

I run a FreeIPA server at home for my personal infra, with a read replica in DO for cloud servers. It works very well for a basic setup, and as long as you only have Linux servers - integration with AD is still buggy - but for more complex scenarios and possibly business use, it gets a bit of a nightmare. Especially for people less versed in DNS - which isn't my forte.