
Debian and LDAP



Hi,

I'm setting up a Debian machine with LDAP authentication (the LDAP
Server runs on the Debian machine, and should be used for authentication
both locally and on remote machines, but that's not the problem).

The LDAP Server runs fine, and both local and remote users can
authenticate from it.  I'm doing this for the first time, and so I've
run into a few problems:

- How can I manage the accounts in a sensible way?  useradd and the like
seem not to use PAM, so I can't use them; until now I've used
directory-administrator and gq to manage the accounts, but I have a
strong dislike for GUI programs for such tasks.  I know I can use
ldapadd/ldapmodify to manage accounts, but I'm not yet good enough at
LDIF to do that.  Is there any useradd-like tool which uses PAM?

- Using useradd etc., every user also has his own group.  Do I *really*
have to create all of them by hand?

- How do I add a user to more than one group?

- I'd like to allow some users to log in on the server (via ssh, for
example) and others not BUT everybody should be able to log in to the
workstations (which authenticate off the server).  Thus setting the
shell to /bin/false is not an option.  It'd be ideal if it could be done
by group (ex. all users in the group "it" can log in on the server, the
others can't).  Is there any solution for this?

Thanks a lot.

Aaron Isotton                                 [ http://www.isotton.com ]
--
If you can't understand it, it is intuitively obvious.
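
The private-group and multiple-group questions in the message above, as an added example that is not part of the original post: a small generator that emits LDIF for an RFC 2307 account, its same-named private group, and memberUid additions to existing groups. The suffix dc=example,dc=com, the ou=People and ou=Group containers, the function names and the sample user are all assumptions.

```python
import re

BASE = "dc=example,dc=com"                  # assumption: directory suffix
PEOPLE, GROUPS = "ou=People", "ou=Group"    # assumption: container names
# Conservative name pattern so a value can never inject extra DN parts or LDIF lines.
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def _record(dn, changetype, lines):
    """Render one LDIF change record."""
    return "\n".join([f"dn: {dn}", f"changetype: {changetype}", *lines]) + "\n"


def user_ldif(uid, number, full_name, extra_groups=()):
    """Return LDIF adding a user, a private group with the same name and
    number, and the user's membership in each existing group listed."""
    for name in (uid, *extra_groups):
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"unsafe account or group name: {name!r}")
    if not isinstance(number, int) or number <= 0:
        raise ValueError("uidNumber/gidNumber must be a positive integer")
    # Values needing base64 ("attr:: ...") in LDIF are rejected, not encoded.
    if (not (full_name.isascii() and full_name.isprintable())
            or full_name != full_name.strip()
            or full_name[:1] in ("", ":", "<")):
        raise ValueError("full name is not a plain LDIF-safe string")
    records = [
        _record(f"cn={uid},{GROUPS},{BASE}", "add", [
            "objectClass: posixGroup", f"cn: {uid}", f"gidNumber: {number}"]),
        _record(f"uid={uid},{PEOPLE},{BASE}", "add", [
            "objectClass: account", "objectClass: posixAccount",
            f"cn: {full_name}", f"uid: {uid}",
            f"uidNumber: {number}", f"gidNumber: {number}",
            f"homeDirectory: /home/{uid}", "loginShell: /bin/bash"]),
    ]
    # Supplementary groups: one modify record per group, adding a memberUid value.
    for group in extra_groups:
        records.append(_record(f"cn={group},{GROUPS},{BASE}", "modify", [
            "add: memberUid", f"memberUid: {uid}", "-"]))
    return "\n".join(records)  # blank line between records


if __name__ == "__main__":
    # Constructed sample user; pipe the output to ldapmodify.
    print(user_ldif("jdoe", 2001, "Jane Doe", ["it", "staff"]))
```

The output carries no userPassword; set it afterwards with ldappasswd so the password never sits in an LDIF file.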
