d4rkf1br
08-04-2008, 04:12 PM
I am trying to set up SSO but I am using CentOS instead of Debian. The wiki is up, I have LDAP/AD integration set up and working, but it's not SSO yet.
CentOS - 5.2 (Linux version 2.6.18-92.1.6.el5.centos.plus)
DekiWiki - 8.05.2
I was reading the following in order to enable SSO:
http://wiki.developer.mindtouch.com/MindTouch_Deki/FAQ/User_Management/How_do_I...enable_single_sign_on_with_Active_Directory%3f
and
http://forums.developer.mindtouch.com/showthread.php?t=3002
OK, I have progressed with this a little and now have new questions.
First of all I was able to get the mod_auth_ntlm_winbind module, got it compiled by following the directions here:
http://samba.org/ftp/unpacked/lorikeet/mod_auth_ntlm_winbind/README
Doing this placed the file mod_auth_ntlm_winbind.so in the /usr/lib/httpd/modules directory.
I then edited the httpd.conf I believe to make sure that the module was loaded:
LoadModule auth_ntlm_winbind_module modules/mod_auth_ntlm_winbind.so
I now see the mod_auth_ntlm_winbind loaded in Apache when looking at the phpinfo page.
So then I moved on to the winbind portion of things. Basically, as I understand it, I need to get winbind/samba set up so that my Linux box is joined to the AD domain and is allowed, I guess, to pass login info back and forth to AD.
My AD domain consists of Windows Server 2003 machines as domain controllers.
Following the directions in the MindTouch FAQ for Single Sign On I was able to get my Linux box joined to the domain. Simply edited the smb.conf file as specified and then ran the "net join domainname -S PDCName -U adminusername"
This prompted for password and came back with "Joined domain xyz"
Problem is when I run the wbinfo -t, wbinfo -g commands I get errors.
There are apparently a lot of ways to use the net join to get a machine in AD. For instance you can do "net ads join" and "net rpc join" and so on.
My question is does it matter to Deki Wiki what it takes to get the computer joined to AD and having the wbinfo -t and stuff working?
If I get this working but it takes the "net ads join" rather than just "net join", will that somehow affect getting Deki Wiki to work with SSO?
The next step after getting wbinfo to report back accurately is configuring the beta LDAP service in Deki and I am not sure if success with getting the beta LDAP service is going to be dependent on the specific way in which winbind is working.
Thanks for your time.