To support True SSO on a SLED 12.x SP3 or SLES 12.x SP3 desktop, integrate the desktop with an Active Directory domain using the Samba and Winbind solutions.
Use the following procedure to integrate a SLED/SLES desktop with an AD domain.
Prerequisites
- The Active Directory (AD) server is resolvable by DNS on the Linux system.
- The Network Time Protocol (NTP) is configured on the Linux system.
Procedure
- On your SLED/SLES desktop, install the samba and winbind packages.
zypper install samba-winbind krb5-client samba-winbind-32bit
- Open the YaST setup tool and navigate to .
- On the Windows Domain Membership screen, configure settings as follows.
- For Domain or Workgroup, enter the DNS name of the workgroup or NT domain that includes your Samba server, using all capital letters. For example, if your workgroup name is mydomain, enter MYDOMAIN.
- Select Also Use SMB Information for Linux Authentication.
- Select Create Home Directory on Login.
- Select Offline Authentication.
- Select Single Sign-on for SSH.
- At the prompt asking if you want to join the domain, select Yes.
- Enter the administrator name and password for the specified workgroup, and select OK.
A message appears confirming that your SLED/SLES desktop joined the domain successfully. Select
OK.
- Edit the /etc/samba/smb.conf configuration file so that it includes the following parameter.
[global]
...
winbind use default domain = yes
- Reboot your system and log back in.
- Test and verify your SLED/SLES desktop integration.
Run the following test commands and check that they return the correct output. Replace
mydomain with the name of your Samba server workgroup or NT domain.
- net ads testjoin
- net ads info
- wbinfo --krb5auth=mydomain\\open%open
- ssh localhost -l mydomain\\open