Samba AD Authentication


Has anyone tried or succeeded in joining Ignition to a Linux-based domain running on Samba?

I’ve got a Linux-based AD (via Samba 4 as DC) at home. I will see if I can get Ignition authenticating a user source against it and report back… Are you more interested in AD authentication (under Ignition) against a DC running on Samba, or AD auth on a Linux machine joined to a Windows domain (with, say, a standard Windows DC)?

We are using Ignition on Linux (CentOS 7) gateways in production with a Samba 4 AD domain (redundant DCs). We use the domain for authentication and roles management. It works just fine.

For setting up with LDAPS we had to import the AD domain root certificate into the Java trusted certs store, otherwise Ignition complained that it couldn’t verify the DC’s server certificates. On our CentOS 7 gateway servers it was sufficient to place the exported domain root cert into /etc/pki/ca-trust/source/anchors and run the update-ca-trust command (see man update-ca-trust).

1 Like
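
The trust-store steps from the post above, as an added shell example that is not part of the thread: it refuses anything other than a single PEM certificate, installs it as an anchor, rebuilds the trust stores, and checks that the DC's LDAPS certificate verifies against it. The script name, its arguments (root CA file, DC host name) and the function names are assumptions; it needs root and `openssl` on the gateway.

```shell
#!/bin/sh
# Added example. Usage (as root): ./trust-ad-root.sh <root-ca.pem> <dc-hostname>
# The script name, argument order and function names are assumptions.
ANCHOR_DIR="${ANCHOR_DIR:-/etc/pki/ca-trust/source/anchors}"

# True only for a readable file holding exactly one PEM certificate and no
# private key: everything placed in the anchors directory becomes a trust
# root for the whole host, so bundles and key files are rejected.
is_single_pem_cert() {
    [ -r "$1" ] || return 1
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"; then return 1; fi
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ]
}

# Print the certificate's identity for comparison with the DC's copy, then
# install it as an anchor and rebuild the consolidated trust stores.
install_root_ca() {
    is_single_pem_cert "$1" || { echo "refusing $1: not a single PEM certificate" >&2; return 1; }
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256 || return 1
    install -m 0644 "$1" "$ANCHOR_DIR/$(basename "$1")" || return 1
    update-ca-trust extract
}

# Handshake with the DC on the LDAPS port; succeed only if the chain verifies.
verify_ldaps() {
    openssl s_client -connect "$1:636" -CAfile "$2" -verify_return_error </dev/null 2>&1 |
        grep -q 'Verify return code: 0 (ok)'
}

if [ "$#" -eq 2 ]; then
    install_root_ca "$1" && verify_ldaps "$2" "$1" && echo "LDAPS certificate of $2 verifies"
fi
```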

I finally got around to trying to set up my connection to my Ubuntu-based Samba 4 AD DC… I ran into some issues, but I imagine that it is related to @sluitz's comment about certificate trust.

Do you guys have any kind of how-to guide that you followed for this?

It would have been more than 5 years ago that I originally set up an AD DC with Samba 4… Yeah, because I’ve upgraded that server at home twice and I run it on the Long-Term-Support releases and I started on 12.04…

That aside, I know that much has changed in the Samba world since then, probably very likely for the better. I’ll be honest and mention though that I haven’t checked in on those changes and don’t know what to suggest at this time. If I stumble across some good resources, I’ll try to return and share.

1 Like