[tech] Active Directory migration status
Nick Bannon
nick at ucc.gu.uwa.edu.au
Mon Apr 17 23:00:35 AWST 2017
On Mon, Feb 27, 2017 at 12:29:32PM +0800, David Adam wrote:
> TLDR: more work to be done.
[...]
> Getting the Linux machines on the domain is proving trickier. Although the
> upgrade process cleanly migrates the users and groups, including home
> directory and shell data, exposing that data to NSS and PAM on Linux is
> proving a bit tricky. We have Winbind working, but it requires a lot of
> annoying setup on local machines and doesn't appear to allow users to have
> a GID of 0. Other options include using nss-pam-ldapd backed by Kerberos,
> which I have not managed to get working yet.
[CFE] and I had a look tonight.
No wheel/GID 0 accounts yet of course, but after Zack reset his password
(with "smbpasswd -U coffee" on samson); then
* ssh logins to the test Linux Mint VM 130.95.13.3 worked fine
* mdm graphical logins failed with
"The system administrator has disabled access to the system"
* lightdm wouldn't start
* xdm graphical logins worked nicely! (nice short /etc/pam.d/xdm by default)
We see that sssd is installed on the test VM; but we're using winbind
instead so far? Might be worth a play.
[NTU], [CFE].
--
Nick Bannon | "I made this letter longer than usual because
nick-sig at rcpt.to | I lack the time to make it shorter." - Pascal
More information about the tech
mailing list