<p>With our current squeeze-test packages, I can select the roaming
workstation profile and get a working laptop connecting to the
university LDAP server for user and group and our active directory
-servers for Kerberos authentication. My users home directory got a
-bookmark in the KDE menu to mount it via SMB, with the correct URL.
+servers for Kerberos authentication. All this without any
+configuration at all during installation. My users home directory got
+a bookmark in the KDE menu to mount it via SMB, with the correct URL.
In short, openldap and sssd is correctly configured. In addition to
this, the client look for http://wpad/wpad.dat to configure a web
proxy, and when it fail to find it no proxy settings are stored in
network with such wpad setup, it would automatically use it when DHCP
gave it a IP address.</p>
+<p>The LDAP server is located using DNS, by first looking for the DNS
+entry ldap.$domain. If this do not exist, it look for the
+_ldap._tcp.$domain SRV records and use the first one as the LDAP
+server. Next, it connects to the LDAP server and search all
+namingContexts entries for posixAccount or posixGroup objects, and
+pick the first one as the LDAP base. For Kerberos, a similar
+algorithm is used to locate the LDAP server, and the realm is the
+uppercase version of $domain.</p>
+
<p>So, what is not working, you might ask. SMB mounting my home
directory do not work. No idea why, but suspected the incorrect
Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
projects / homepage.git / blobdiff