• Launchpad Entry: https://launchpad.net/distros/ubuntu/+spec/network-authentication

• Created: Date(2006-11-08T16:14:00PST) by AndrewMitchell

Related Specifications

• ["NetworkAuthentication"]

Introduction

The most prominent step in successfully providing directory services integration on Ubuntu is that of the client. A server implementation without a client does not accomplish much. A client without our own server implementation can get us traction in markets already covered by a directory server, notably the majority of the world on Microsoft Active Directory. This is a market we should desire.

This document describes the design of Ubuntu's directory services integration from a client's perspective. It steps slightly into the realm of the servers when discussing various properties of the client which are directly driven by the choice of server configuration.

This plan is a subset of a much larger strategic goal of Ubuntu, [NetworkAuthentication]. This specification will be what we plan to implement in time for Feisty. The larger specification will take much longer to implement.

Rationale

A Ubuntu machine does not exist by itself, nor in a network that purely consists of Linux Machines. System Administrators for organizations are looking for a way to easily authenticate their Linux machines against an existing and established Active Directory infrastructure.

Scope

To be realistic, the scope of this specification is simply to provide a CLI and GTK based method of "joining" an Active Directory domain.

Implementation

• The [http://bazaar.launchpad.net/~ubuntu-dev/network-authentication/authtool authtool] package will be cleaned up & uploaded into feisty. The current todo list for this branch is:

  • - Convert modules to directory layout with resources - Gladify the gtk+ UI - Fix PAM configs - Detect settings automagically - pyQt UI

As well as authtool, to get proper integration with Active Directory, we need to have the "samba megapatch" which will be integrated into samba 3.0.24. The current SuSE release has this to allow for much better integration with AD than is possible with stock samba.

CLI

• The CLI interface accepts a configuration file to be used to enable settings

GTK

• Currently, the UI asks all possible questions for the configuration of each module, when most of them can be filled in automatically or defaults will be accepted.

  An UI mockup has been done at http://akita.larvalstage.net/~wasabi/Screenshot-Directory%20Services-1.png

Pre-seed

• For administrators to easily add a workstation to AD or other networks, the authtool cli tool will accept preseeding via either debconf, or by loading a configuration file which contains the settings. The preseeding can be done from the installer, or by deploying the configuration file to the workstations.

References

TBD

Comments

• Samba 3.0.24 is under development & is expected to be released in mid-late January, before FeatureFreeze (Feb 8th)

CategorySpec