On Thu, Feb 18, 2021 at 8:10 PM Kent West <we...@acu.edu> wrote:

> Ultimate goal:
> 1. Allow Windows/Mac users to map drives to Debian fileshares.
> 2. Allow Windows/Mac users to ssh into same Debian box.
>
> Near as I've been able to figure out (the web documentation seems to be
> all over the map), there are basically three ways of authenticating users
> for logging into a Debian box (at the console, or possibly via ssh, or
> possibly to access Samba fileshares):
>
> 1) the oldest and least-preferred method - LDAP and
>    manual configuration of various files
> 2) the winbindd method - still supported, but perhaps on the road to
>    deprecation in favor of sssd
> 3) the "modern" sssd method
> (Kerberos also seems to be a method, but that may be wrapped up in one or
> the other above methods.)
>
> It is my (possibly incorrect) understanding that the sssd method does not
> yet provide Samba filesharing capabilities, making winbindd the preferred
> choice.
>
> I have found the realmd tool, which makes the setup of either winbindd or
> sssd for console-based logins pretty easy. I can get console-based logins
> to work with either of these two methods:
>
> winbindd:
>
> realm join --membership-software=samba --client-software=winbind -U [domain-add-capable user] [domain-name]
>
> sssd:
>
> realm join -U [domain-add-capable user] [domain-name]
>
> With either of these two methods, I can log into the console with a login
> like:
> user@domain
>
> But with the sssd method, I could never get samba shares to work. With the
> winbind method, I can't get ssh to work. And a huge roadblock is that I've
> simply been unable to wrap my brain around what is needed; as mentioned,
> the web documentation is all over the map.
>
> So with all that said, my basic question here: Is my understanding of the
> three methods, for joining an Active Directory domain, validating users
> from it for console logins, ssh logins, and mapping drives shared from the
> Debian box, close to correct?
>
> Thanks!
>
> --
> Kent West <")))><
> Westing Peacefully - http://kentwest.blogspot.com

Yes, after tinkering and fighting these past couple of days with virtual machines and test machines, etc., I believe my understanding is correct.

My notes on the process, should anyone be interested, are here:
http://goshen.acu.edu/westk/DEBIAN/Debian2ADSetup.html

--
Kent West <")))><
Westing Peacefully - http://kentwest.blogspot.com