Samba on linux for NTLM Single Sign On

by Mirco Poretti -

Hi,

I'm trying to set up Samba on a CentOS server (Apache Moodle installation) for Active Directory Single Sign On, but I have some problems. Following https://docs.moodle.org/29/en/NTLM_authentication, I'm not able to configure Samba correctly and join Active Directory. The LDAP module already works. In the "Assumptions" section it says "The Server hosting your website is a member of the Active Directory Domain that your users are also members of". Do the CentOS server and Active Directory have to be in the same network and/or in the same domain? (I don't understand whether this "Assumption" is the same as the join operation that is described in "Using the NTLM part of Samba for Apache on Linux" or whether it is another thing.)

That was the first question; next, I need to know how to configure the Samba configuration files. The above documentation is not very detailed. Sorry, but I'm a beginner.

Another problem is that I don't have an Administrator account in Active Directory (the join operation seems to require this), so I need to know all the steps in detail before communicating everything I need to the System Administrators (for example network/domain operations). We have other web applications with Active Directory Single Sign On, but they are in a Windows environment.

Sorry for my English. I hope someone can help a beginner ;) Thank you!

In reply to Mirco Poretti

Re: Samba on linux for NTLM Single Sign On

by Iñaki Arenaza -
Hi Mirco,

The documentation on how to configure Samba is not very detailed because it focuses on the Moodle configuration side.

You want to configure your CentOS server as a Samba AD Member server. The Samba documentation on how to do this can be found at
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server. That documentation still assumes a certain familiarity with Unix and Active Directory administration, though.

Regarding your second question, yes, you need an Active Directory domain account with the "Add machine accounts" privilege (it's something like that, I'm going by memory). By default Domain Administrators have that privilege, but it can be assigned to other accounts (e.g., accounts in the "Account Operators" group get that privilege too).

So you probably want to do all this hand in hand (i.e. sitting side by side) with one of your Active Directory administrators.

Saludos.
Iñaki.
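
For reference when preparing the request to the AD administrators, here is a minimal `[global]` section for a Samba domain member of the kind the reply describes. It is an added example, not part of the original posts or of the Moodle or Samba documentation; `EXAMPLE.COM`, `EXAMPLE`, the ID ranges and `<join-account>` are placeholders.

```ini
# /etc/samba/smb.conf on the CentOS server (constructed example; replace the
# placeholders with the values your AD administrators give you)
[global]
    # Act as an Active Directory domain member
    security = ads
    # Kerberos realm = AD DNS domain name, upper case (placeholder)
    realm = EXAMPLE.COM
    # NetBIOS (short) domain name (placeholder)
    workgroup = EXAMPLE

    # Let users be referred to as "user" rather than "EXAMPLE\user"
    winbind use default domain = yes

    # ID mapping: default domain for built-in accounts, then the AD domain.
    # Ranges must not overlap; the numbers here are placeholders.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999

# Prerequisites to raise with the administrators:
#   - the server resolves the AD DNS domain through the domain's DNS servers
#   - the server clock is synchronised with the domain controllers (Kerberos)
#   - an account allowed to add a machine account, or an administrator who
#     types that account's password during the join
#
# Join and checks, run as root on the server:
#   net ads join -U <join-account>
#   net ads testjoin      (confirms the join is valid)
#   wbinfo -t             (confirms the machine trust secret; winbind must be running)
```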