
RE: Looking for a good LDAP howto. pam, smb, etc.



> Hello,
>
> I am trying to set up a centralized login authority for logging in both
> Linux and Windows users. Later on it may be extended to supply info for
> DNS etc. I've spent quite a lot of time googling around, reading various
> writeups, but have yet to find a good one.
>
> Any recommendations?
>

Hmh,

I think it's also important to know how large your network is. How many
clients do you have? LDAP is not that easy and may be oversized for a
network with about 10-50 clients. I tried to read myself into LDAP, but,
phew, it's very nasty.

I'd recommend Samba then: make it a PDC and you can easily set up Unix and
Windows users and keep them synced. A good HowTo? To be honest, I read
several and combined those, and I'm still not finished; Samba too has so many
options.

With Samba you'll only "connect" the wintendo with the 'nix world on a share
level. You may want to use NIS/NIS+ on the PDC to also connect the 'nix PCs,
so that they can share data or centralized directories without Samba; it all
depends on your wishes.

If you decide to use SAMBA you can use this smb.conf and these tips as a
point to start from.

You'll need groups for the admin and for the machines

addgroup --gid 200 admins
addgroup --gid 201 machines

You'll need to setup the directories

mkdir -m 0775 /home/netlogon
chown root:admins /home/netlogon
mkdir /home/samba /home/samba/profiles/
# 1757: sticky bit, so every user can create their own profile directory
# but only its owner (or root) can rename or delete it
chmod 1757 /home/samba/profiles


for the Domainadmin simply use administrator

in unix

useradd administrator
passwd administrator

PASS
RETYPE
added user administrator

then in samba

smbpasswd -a administrator
PASS
RETYPE
added user administrator

then put administrator in group admins (200)




to add new users simply do

1. Unix User

useradd (name)
passwd (name)

PASS
RETYPE
added user (name)

2. smb user

smbpasswd -a (name)
PASS
RETYPE
added user (name)



to add clients manually (this must be done for the 'nix or Mac or whatever
non-wintendo clients!)

Unix-Account:

# -M: don't create a home directory; the shell /bin/false and the locked
# password keep the trust account from ever logging in interactively
/usr/sbin/useradd -g machines -d /dev/null -M -c "machine id" -s /bin/false machine_name$
passwd -l machine_name$
Changing password for user machine_name$
Locking password for user machine_name$

SMB-Account:

smbpasswd -a -m machine_name
Added user machine_name$





HTH,
Simmel


=====================================================


#-----------------------------------------------------------------
#---------------------Samba Config File---------------------------
#-------created on 26.01.2004 by simmel@anymotion.de-------------
#----------------------------------------------------------------

#**************************************************
#******************** GLOBAL ***********************
#**************************************************

[global]

# Name of this machine in the windows network
netbios name = hostname

# Name of the Domain in the windows Network
# Name would be hostname.domainname(.de)
workgroup =  domainname

# encrypt passwords = yes must be set if this machine is a Samba PDC
encrypt passwords = yes

# commentline Server
server string = Samba PDC running %v

# TCP settings server (old advice; newer Samba releases say the OS defaults
# perform better, so test before keeping this)
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192

# PDC and master browser settings (these options make this machine the
# domain master browser)
os level = 64
preferred master = yes
local master = yes
domain master = yes

# use a different wins-server
wins server = 192.168.0.7

# this line adds wintendo machines automatically to the domain
# (Samba 2.2 name; Samba 3 uses "add machine script" for trust accounts)
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u

# synchronise Samba and UNIX passwords and keep them synced
# this didn't work out for me!!!! You've got to test it!!!!
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n
# alternative chat for passwd programs with other prompts:
#passwd chat = *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*


# ***************security*************

# security=user must be set if this machine is a SaMBa PDC
security = user

#Computer uses domain logins
domain logons = yes

# only allow the local net and localhost to connect
hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0

# never use a log level > 3 unless necessary; the system will slow down
log file = /var/log/samba/log.%m
log level = 2
max log size = 50



# User profile
# %L = Samba server NetBIOS name, %U = user name
# !!!!!!!!!!!!! these settings will create the profiles centralized on this
# server, no local profile will be created then
# logon home for Win9x/ME clients
# logon path for Windows NT/2000 clients
logon home = \\%L\%U\.profile
logon drive = H:
logon path = \\%L\profiles\%U
logon script = netstart.bat


# !!!!!!!!!!!!!! for local (client) profiles use it like this.............
# no profile on server (kept commented out: an empty "logon path" here would
# override the roaming settings above, since the last value in [global] wins)
#logon home =
#logon drive = H:
#logon path =
#logon script = netstart.bat

#****************************************************************
#*************************** Shares *****************************
#****************************************************************

# user home directory
[homes]
comment = Home Directories
browseable = no
writeable = yes
guest ok = no
map archive = yes

# user profile directory
[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700

# path to put the netstart.bat in, or similar task which should be started
# for every host (anti virus stuff, *.reg etc)
[netlogon]
path = /home/netlogon
read only = yes
write list = administrator

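The manual machine-account steps and the [profiles] share above, as an added example that is not part of Simmel's post: a POSIX shell helper that builds a locked trust account from the three commands shown (appending the `$` and refusing malformed names), plus an audit of /home/samba/profiles, because `create mask`/`directory mask` only apply to files Samba itself creates and a profile directory copied in by hand can stay readable by every other domain user. It assumes Linux with shadow-utils useradd/passwd, Samba's smbpasswd and a `stat` that understands `-c`; the function names, the DRY_RUN switch and the alice/bob directories in the demo are this example's own constructions.

```shell
#!/bin/sh
# pdc_helpers.sh: added example, not part of Simmel's post. Assumes Linux with
# shadow-utils (useradd, passwd), Samba's smbpasswd and GNU/busybox "stat -c";
# the "machines" group and /home/samba/profiles come from the post, the
# function names and the DRY_RUN variable are this example's own.

PROFILE_DIR="${PROFILE_DIR:-/home/samba/profiles}"
MACHINE_GROUP="${MACHINE_GROUP:-machines}"

# normalize_machine_name NAME: lower-case, strip any given '$', reject
# characters that would break the useradd line, re-append the '$' that marks
# a trust account. Prints the account name; returns 1 on a bad name.
normalize_machine_name() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    name=${name%\$}
    case $name in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#name}" -le 15 ] || return 1   # NetBIOS names are at most 15 chars
    printf '%s$\n' "$name"
}

# add_machine_account NAME: the three manual steps from the post. -M keeps
# useradd from creating a home directory, "passwd -l" locks the UNIX account so
# the trust account can never log in interactively, and "smbpasswd -m" appends
# the '$' itself. Only executes when running as root and DRY_RUN is unset.
add_machine_account() {
    acct=$(normalize_machine_name "$1") || { echo "bad machine name: $1" >&2; return 1; }
    if [ -n "${DRY_RUN:-}" ] || [ "$(id -u)" -ne 0 ]; then
        echo "would run:" >&2
        echo "  useradd -g $MACHINE_GROUP -d /dev/null -s /bin/false -M -c 'machine trust account' '$acct'" >&2
        echo "  passwd -l '$acct'" >&2
        echo "  smbpasswd -a -m '${acct%\$}'" >&2
        return 0
    fi
    useradd -g "$MACHINE_GROUP" -d /dev/null -s /bin/false -M -c "machine trust account" "$acct" &&
        passwd -l "$acct" &&
        smbpasswd -a -m "${acct%\$}"
}

# audit_profiles [DIR]: every per-user profile directory must carry no
# group/other bits, otherwise that user's NTUSER.DAT and Desktop are readable
# by every other domain member. Prints "mode path" per offender; returns 1 if
# any were found.
audit_profiles() {
    dir=${1:-$PROFILE_DIR}
    bad=0
    for p in "$dir"/*/; do
        [ -d "$p" ] || continue
        p=${p%/}
        mode=$(stat -c '%a' "$p")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$mode $p"
            bad=1
        fi
    done
    return $bad
}

# fix_profiles [DIR]: strip group/other bits from each per-user tree; the
# share's top directory keeps its 1757 so users can still create their own.
fix_profiles() {
    dir=${1:-$PROFILE_DIR}
    for p in "$dir"/*/; do
        [ -d "$p" ] || continue
        chmod -R go-rwx "${p%/}"
    done
}

# Demo on a constructed temporary tree so it runs without root or Samba.
demo() {
    DRY_RUN=1
    tmp=$(mktemp -d)
    mkdir -m 0700 "$tmp/alice"
    mkdir -m 0755 "$tmp/bob"      # bob's profile would be readable by everyone
    audit_profiles "$tmp" || echo "offending profile dirs found, fixing"
    fix_profiles "$tmp"
    audit_profiles "$tmp" && echo "all profile dirs are 0700"
    add_machine_account "PC01"
    rm -rf "$tmp"
}

demo
```

Run it as root with DRY_RUN unset to actually create the trust account; the audit needs no privileges and can sit in cron to catch profile directories that were copied in by hand after the masks in smb.conf were set.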

