Message from discussion ESOE with SAMBA authentication
From: Bradley Beddoes <bedd...@intient.com>
Date: Mon, 02 Jun 2008 08:37:48 +1000
Local: Mon, Jun 2 2008 8:37 am
Subject: Re: [esoe-users] Re: ESOE with SAMBA authentication
Hello,

Martijn van der Plaat wrote:

> Hi Bradley,

> At the moment I don't have much practical experience with Samba. I don't
> really understand the function of SPNEGO.

This Wikipedia article and associated (linked) RFCs etc. may be of
assistance to you: http://en.wikipedia.org/wiki/SPNEGO

> I know that SAMBA can be configured with LDAP as backend. On the ESOE
> website I saw the graphical picture with LDAP as a possible solution
> beside the Windows Login service (that is, I think, the Active Directory
> integration you mean).

> So the trick lies in the LDAP session? If that LDAP connection to ESOE
> in the picture means that the LDAP session can be integrated in ESOE
> it would be great. But again I don't fully understand how things
> work.

Essentially you're looking at either using native LDAP integration or
SPNEGO support (you can use both in sequence; if ESOE detects no SPNEGO
support it will fall through to native LDAP support with an associated
web form).

> Maybe you can tell how to do this? I want to take effort in realising
> this SAMBA-ESOE connection.

Basically you'd want to configure your PDC and the ESOE to utilize the
same LDAP server for authentication. When a user logs into their
workstation their credentials will ultimately be validated against this
LDAP server. Once this is completed (assuming Samba support for SPNEGO
is a go) their Windows machines will have access to tokens which ESOE
(also configured to talk to your PDC) can accept and validate.

For users not logged into the domain (off site for example) they will be
presented with a web form to enter their credentials for initial
authentication, this will be validated directly against your LDAP server
(no PDC involvement at all here).

By going with this approach you only have a single store of
users/credentials and for end users this means the same
username/password to access their workstations and web tier content.

The next step is probably to figure out just what level of SPNEGO
support a SAMBA PDC exports; if it can give everything we require on the
previous configuration URL I sent you, then it's probably good to go.

regards,
Bradley

> Greets.

> Martijn van der Plaat

> On 1 jun, 08:13, Bradley Beddoes <bedd...@intient.com> wrote:
>> Hi,

>> We already have an authentication mechanism in place which allows ESOE
>> to integrate with a domain controller setup provided by Windows servers
>> which we've documented here: http://esoeproject.org/confluence/display/eu/ESOE+to+Active+Directory...

>> Essentially this allows a user to log in to their workstation of a
>> morning and automatically be provided access to ESOE services. We call
>> this "true single sign on" and the clients we have who've deployed it
>> really love it. In the back end there is a bunch of SPNEGO ticket
>> validation going on.

>> Does the Samba PDC provide the SPNEGO type functionality? If so it may
>> not be much effort to test an ESOE setup against a Samba PDC and
>> validate this works.

>> I hope I've interpreted your query below correctly, please correct me if
>> I've totally misread your requirements :).

>> regards,
>> Bradley
>> --
>> Bradley Beddoes
>> Lead Software Architect
>> Intient Pty Ltd

>> Join me on LinkedIn: http://www.linkedin.com/in/beddoes

>> Martijn van der Plaat wrote:

>>> Hi all,
>>> I was wondering if it is possible when SAMBA is configured with LDAP
>>> as authentication backend and ESOE is configured with LDAP as
>>> authentication source the SAMBA session is available in ESOE.
>>> This connection is great because when a user logs in to the PDC the
>>> user is also connected to the applications that are connected to ESOE
>>> like blackboard, Google Apps, or OpenID or some other application.
>>> Greets Martijn.

--
Bradley Beddoes
Lead Software Architect
Intient Pty Ltd

Join me on LinkedIn: http://www.linkedin.com/in/beddoes
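
The fall-through described in the message above (SPNEGO first, LDAP web form otherwise), shown as an added example that is not ESOE code and not part of the original thread: it inspects an `Authorization: Negotiate` value and routes only a GSS-API token to ticket validation. The function names, the returned route labels and the choice to send a raw NTLM token to the form are assumptions made for illustration.

```python
import base64
import binascii

SPNEGO_OID = bytes.fromhex("06062b0601050502")      # DER OID 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # DER OID 1.2.840.113554.1.2.2
NTLM_SIG = b"NTLMSSP\x00"                           # raw NTLM, not wrapped in GSS-API
# Constructed sample: GSS-API header (0x60, length 8) wrapping only the SPNEGO OID.
SAMPLE_HEADER = "Negotiate " + base64.b64encode(bytes.fromhex("600806062b0601050502")).decode()

def _skip_der_length(buf, pos):
    """Return the offset just past the DER length field that starts at pos."""
    if pos >= len(buf):
        raise ValueError("truncated")
    first = buf[pos]
    if first < 0x80:                 # short form: one length byte
        return pos + 1
    n = first & 0x7F                 # long form: n further length bytes
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad length")
    return pos + 1 + n

def classify_negotiate(header):
    """Return none, malformed, ntlm, spnego, kerberos or unknown for a header value."""
    if not header:
        return "none"
    scheme, _, b64 = header.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "none"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    if token.startswith(NTLM_SIG):
        return "ntlm"
    if not token or token[0] != 0x60:   # 0x60 = [APPLICATION 0] InitialContextToken
        return "unknown"
    try:
        body = _skip_der_length(token, 1)
    except ValueError:
        return "malformed"
    if token.startswith(SPNEGO_OID, body):
        return "spnego"
    if token.startswith(KRB5_OID, body):
        return "kerberos"
    return "unknown"

def choose_auth_path(header):
    """Assumed routing: GSS-API tokens go to ticket validation, all else to the LDAP form."""
    return "validate-ticket" if classify_negotiate(header) in ("spnego", "kerberos") else "ldap-form"
```

This only decides which path a request takes; a token routed to `validate-ticket` still has to be cryptographically validated by a GSS-API/Kerberos library before the user is treated as authenticated.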

