# Single Sign-On FreeBSD/Windows



## QuinRiva (Dec 2, 2012)

Can anyone suggest a single sign-on service that I can use for logging onto both my FreeBSD machine and my Windows machines? My primary requirement is ease of file transfers between machines (i.e. logging onto any machine and being able to read/write shares on other machines). I do not need roaming profiles, as my different computers generally perform different functions.

Preferably something that is well documented.  After messing about trying to get Samba4 working for the past couple of weeks I've finally given up as a result of lack of Guides/HowTo's.


----------



## roddierod (Dec 2, 2012)

If you are trying to find something in the *nix world that supports Active Directory, then I don't think you will find that.

If you are simply just trying to share data files (text, images, multimedia), then the simplest thing that comes to mind is a file share, probably formatted as FAT32 or NTFS so that Windows can read and write to it easily. On FreeBSD, try using `mount_smbfs`, which does not require Samba. For example, you could mount the file share with a command like this:


```
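# USER and SERVER_NAME are placeholders: mount_smbfs expects the share as //user@server/share
mount_smbfs -I IP_OF_FILESHARE //USER@SERVER_NAME/share_name /freeBSD/mnt_point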
```

This has been working very well for me lately.


----------



## jrm@ (Dec 2, 2012)

What about public key based authentication and scp?


----------



## wblock@ (Dec 2, 2012)

What would you use for an sshd server on Windows?

There are ways to authenticate to Active Directory: https://wiki.samba.org/index.php/Samba_&_Active_Directory.


----------



## jrm@ (Dec 3, 2012)

wblock@ said:

> What would you use for an sshd server on Windows?



Apparently there are ssh servers for Windows. I have no experience with any of them, so I'm not necessarily recommending this approach. I was just brainstorming possible solutions.


----------



## wblock@ (Dec 3, 2012)

jrm said:

> Apparently there are ssh servers for Windows. I have no experience with any of them, so I'm not necessarily recommending this approach. I was just brainstorming possible solutions.



Sorry if it came off wrong, but I was just curious, not having done it either.  It turns out that sshd can be run through Cygwin.  I can't imagine an AD setup would be less complicated, but it might depend on the number of machines.


----------



## QuinRiva (Dec 3, 2012)

I have previously run AD under Windows, but I am looking to migrate most of my server stuff to *nix. I am not looking for a full AD replacement, as I really only utilise some of the more basic features. I was hoping that Samba4 would be a good solution as they are approaching final RC, but the lack of documentation, in particular documentation relevant to *BSD, means that I am unlikely to be able to get it to work.

Would some combination of Heimdal KDC (Kerberos) and OpenLDAP work?

I'm looking to eventually migrate my media to ZFS.

Filesharing with half a dozen computers all with different logins can be a nightmare, I want to make sure that I can read/write to all the shares, but that no-one else can.


----------



## throAU (Dec 3, 2012)

Kerberos and LDAP is the way to go, but I don't think you'll find anything out of the box.

Active Directory essentially uses Kerberos for auth and LDAP for configuration info.


I'd recommend looking into the O'Reilly books for LDAP and Kerberos. I have both and they step through getting cross-platform auth working with Windows 2000 -> Unix.

Obviously that's somewhat old, but the principles should be the same.


----------



## mamalos (Dec 3, 2012)

In my students' lab I am running a FreeBSD Heimdal server which our *NIX machines are using for authentication, and a Samba server with OpenLDAP as its backend for Windows machines' user authentication. The problem with this setup is user syncing, where an OpenLDAP overlay exists (called smbkrb5pwd) that supports samba/krb5/openldap password synchronization. I think it has some issues with account expiration syncing, but I am not sure, because I've never used it. We have programmed our own synchronization program, because we have more user backends other than these 3 and we wanted to have a modular program that could synchronize arbitrary user backends. If you don't have such needs, the above-mentioned configuration will probably suit you just fine.

PS. You need to install the ports' security/heimdal with OpenLDAP as its backend in order to make things work.


----------



## ziyanm (Dec 3, 2012)

Another option for file transfer is to use NFS. Microsoft has a free implementation in Services for UNIX (SFU).


----------



## SirDice (Dec 3, 2012)

ziyanm said:

> Another option for file transfer is to use NFS. Microsoft has a free implementation in Services for UNIX (SFU).



Unfortunately that's only available on Windows 7 Ultimate and Enterprise. Not sure about Windows 8 but it's most likely the same deal.


----------



## throAU (Dec 4, 2012)

SFU has been deprecated, I believe, and will be going away in future versions of Windows.

I just checked in a Windows 8 VM I have here, and in add/remove features it has:
"Subsystem for UNIX-based Applications [Deprecated]" listed.

So whilst it might get you out of the poo today, I wouldn't plan on SFU as a long term solution.


----------



## mix_room (Dec 4, 2012)

roddierod said:

> If you are trying to find something in the *nix world that supports Active Directory, then I don't think you will find that.


FWIW the standard sshd can be made to authenticate against Active Directory via PAM-scripts.

This might not be the way you want to go about it, but if you have an Active Directory domain - which Samba4 seems to do for you - then it is quite easy; you can manage everything centrally.

As for file sharing - how about a central storage server?


----------

