Re: Centralized user management: what is best?

To: debian-user@lists.debian.org
Subject: Re: Centralized user management: what is best?
From: Jay Zach <jzach@zachfamily.org>
Date: Sat, 14 Jan 2006 17:31:11 -0500
Message-id: <[🔎] 43C97BAF.7080006@zachfamily.org>
In-reply-to: <[🔎] 20060114202040.GB4311@clivemenzies.co.uk>
References: <[🔎] 1.3.200601131139.4192@mclink.it> <[🔎] 43C92779.9080500@zachfamily.org> <[🔎] 20060114202040.GB4311@clivemenzies.co.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Clive Menzies wrote:
> On (14/01/06 11:31), Jay Zach wrote:
> 
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Mauro Condarelli wrote:
>>
>>>Hi,
>>>I have a small (<8 hosts) lan with mixed Linux (debian) and winXP hosts.
>>>Up to now I managed the debian hosts manually (copying /etc/passwd, /erc/groups, ..., manually), but that is a real pain.
>>>I did recently suffer a severe breakdown so I reinstalled most of the machines.
>>>At this point I would like to setup some centralized way to manage the whole network.
>>>I would like to manage:
>>>- users (<20)
>>>- file servers (2)
>>>- printers (3)
>>>- firewall (ADSL, fixed IP, currently managed with shorewall/webmin)
>>>- mail (currently on a separate host, but I plan to move it to the firewall)
>>>
>>>In the past I used NIS, but that is UNIX-only.
>>>I know there's OpenLDAP, but I never used it.
>>>Probably some other package is available.
>>>
>>>Question is:
>>>Given the needs, what is the "best" solution?
>>>Should I bother at all? (the main reason I want to install some management is that I began having a lot of permission problems when I moved hard disks from one host to another; I know how to fix them, but I would like to avoid re-doing all that next time...).
>>>Can someone point me in the right direction? I would like to avoid false starts.
>>>
>>>
>>>Thanks in Advance
>>>Mauro
>>>
>>>
>>
>>A year ago, I was in the same boat as you..... I now have all my Linux machines
>>authenticating to OpenLDAP database, and all my Windows machines authenticating
>>to a Samba domain, which is using the same LDAP db as it's backend.   It took a
>>lot of work and a lot of how-to reading, but I finally made it ;)
>>
>>I started small, just getting the LDAP database working.  I then went on to
>>figure out how to use PAM, nsswitch, et al, to auth my linux workstations to ldap.
>>
>>Finally I got my Samba server working as a Windows domain, and using LDAP.  It
>>was a long road, but worth it, and I now have much more knowledge of the subject.
>>
>>Contact me if you want my pertinent config files.
> 
> 
> I've also been pondering this for a while; have you got any particular
> links you found useful .... howtos, etc.?
> 
> Regards
> 
> Clive
> 



I'll throw some links in from where I've emailed them to myself in the past for
future reference.  I don't have time right now to go through them all to see
what were the most useful (and I truthfully don't remember -- this whole process
involved a bunch of small 'eureka moments', and I didn't do a good job
documenting them), so I'll just throw them out there, along with some of my
bookmarks...

http://www.linux.com/article.pl?sid=05/10/18/1732231

http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/LDAP-Implementation-HOWTO.html

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3514511

http://groups-beta.google.com/group/linux.samba/browse_thread/thread/353078cfd35f7f41/217a96e9e79cd0b7?q=openldap+backup&rnum=3&hl=en#217a96e9e79cd0b7

http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html

http://www.linuxjournal.com/article/8374

http://www.fatofthelan.com/articles/articles.php?pid=24

http://searchopensource.techtarget.com/tip/1,289483,sid39_gci1152805,00.html

http://www.metaconsultancy.com/whitepapers/ldap-linux.htm

http://www.imaginator.com/~simon/ldap/

http://tldp.org/HOWTO/User-Authentication-HOWTO/index.html

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html

http://bbm/phpldapadmin/

http://www.linuxjournal.com/article/8119



- --
- --------------------------------------------------------------------------------

A figure with curves always offers a lot of interesting angles.

Saturday Jan 14, 2006

- --------------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQ8l7rq3rZxntQpytAQISuAf9EsVbwQ86V7+Jd/tV4aN3g2VsByA221y2
w6BTZxcfwuUZ7NeDCYffV4HKTdKPbcvsGLiNw3zvb0Bng+Lpymnsc9CWYnNDKP/S
5p89w25oPT4XM3nNXxwMapvNjveuLDK73Ai9hQaODRtaGG0shV+dolJZzSd3GqPt
uQVlezJ78oW4q00eCyRFZLRvVpthlSfCQGoG43kH/ZAY61H19D4OfsDPAzW34iop
cMICpWk5kXjZLpreJuwPqIv3K95jyF/b9oNOZwNBN/HwCHGM/iVlmnqfh835t3or
tPzrangxSu/yzflBBOobzBONfXbhQcm0CDUyEQtr6HCVQyMNzTKwPg==
=hgFO
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Centralized user management: what is best?
  - From: Clive Menzies <clive@clivemenzies.co.uk>

References:
- Centralized user management: what is best?
  - From: Mauro Condarelli <mcondarelli@mclink.it>
- Re: Centralized user management: what is best?
  - From: Jay Zach <jzach@zachfamily.org>
- Re: Centralized user management: what is best?
  - From: Clive Menzies <clive@clivemenzies.co.uk>

Prev by Date: Re: Where to find latest unstable kernel src without messing sarge?
Next by Date: Package with config files - best practices?
Previous by thread: Re: Centralized user management: what is best?
Next by thread: Re: Centralized user management: what is best?
Index(es):
- Date
- Thread