
Re: Centralized user management: what is best?




Mauro Condarelli wrote:
>>==========================
>>Date: Sat, 14 Jan 2006 11:31:53 -0500
>>From: Jay Zach <jzach@zachfamily.org>
>>To: debian-user@lists.debian.org
>>Subject: Re: Centralized user management: what is best?
>>==========================
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Mauro Condarelli wrote:
>>
>>>Hi,
>>>I have a small (<8 hosts) lan with mixed Linux (debian) and 
> 
> 
>>I started small, just getting the LDAP database working.  I then 
>>went on to
>>figure out how to use PAM, nsswitch, et al, to auth my linux 
>>workstations to ldap.
>>
>>Finally I got my Samba server working as a Windows domain, and 
>>using LDAP.  It
>>was a long road, but worth it, and I now have much more knowledge 
>>of the subject.
>>
>>Contact me if you want my pertinent config files.
> 
> Thanks.
> Advice would be welcome.
> Either in the form of your current config files or, better, in the
> form of a "roadmap", so I can avoid false starts and remain on track.
> The sheer size of the pertinent manuals/howtos is discouraging.
> 
> 
>>Good Luck :)
> 
> I know I'll need that! :) :) :)
> 
> TiA
> Mauro
> 


I pretty much already outlined my 'roadmap' as I would recommend it :)

1. Get LDAP directory implemented
	a) add a few people to it as a test
	b) use it as an address book first (I think this is easiest), get email clients to query it for addresses
	c) learn what you need to do to add a few user accounts to it, and do that (I recommend phpldap for this - I used the custom version in egroupware, mostly)
2. Get Linux to authenticate to the LDAP directory.
	a) I had a lot of trouble with this, be careful because it's easy to lock yourself out of your computer - have a Knoppix handy
	b) this is done mostly with PAM, nsswitch, pam_ldap, and probably others.  It's hard to remember it exactly, b/c once I got it, it just worked, and all I've done since is copy those files from /etc/ to my other workstations
3. Get Samba working using the LDAP directory as its database, and get the Windows Domain working.
	a) I think I had the most trouble with this one, mainly because I kept going at it too soon, I think.  Once I got it, it just went
	b) I think part of my troubles were that the smbldap package was key to getting this to work, and I couldn't get it to run, because of perl package dependencies.  For some reason a perl module it needed to run wasn't a requirement of the smbldap package, so whenever I'd try to run smbldap-useradd, for example, I'd get a big long perl error.  Finally, after studying the error for long enough, I figured out what perl module it needed, and installed the debian package for it.  After that, things went smoothly.  I'm still working through a couple of little niggly issues, but for the most part that did it.
--
--------------------------------------------------------------------------------

Chicken Soup:
	An ancient miracle drug containing equal parts of aureomycin,
	cocaine, interferon, and TLC.  The only ailment chicken soup
	can't cure is neurotic dependence on one's mother.
		-- Arthur Naiman, "Every Goy's Guide to Yiddish"

Monday Jan 16, 2006

--------------------------------------------------------------------------------


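Step 2 of the roadmap above warns that it is easy to lock yourself out while switching authentication to LDAP. The following pre-flight check is an added example, not part of the original message or its config files: the function name `check_nsswitch` and the sample configurations are constructed, and it assumes the usual convention of listing a local source (`files` or `compat`) before `ldap` in nsswitch.conf.

```shell
#!/bin/sh
# Added example (not from the original post). check_nsswitch and the sample
# configurations below are constructed for illustration.
#
# check_nsswitch [FILE]
#   Reads an nsswitch.conf (FILE, or stdin when omitted) and returns 0 only if
#   passwd, group and shadow each list a local source (files or compat)
#   before ldap, so local accounts such as root still resolve when the LDAP
#   server is down or misconfigured.
check_nsswitch() {
    awk '
        /^[ \t]*(passwd|group|shadow):/ {
            sub(/#.*/, "")              # drop a trailing comment
            sub(/:/, " ")               # "passwd:files" -> "passwd files"
            db = $1; local_pos = 0; ldap_pos = 0
            for (i = 2; i <= NF; i++) {
                if (($i == "files" || $i == "compat") && !local_pos) local_pos = i
                if ($i == "ldap" && !ldap_pos) ldap_pos = i
            }
            seen[db] = 1
            if (ldap_pos && (!local_pos || local_pos > ldap_pos)) {
                printf "RISK %s: ldap is consulted before any local source\n", db
                bad = 1
            } else {
                printf "OK   %s\n", db
            }
        }
        END {
            n = split("passwd group shadow", want, " ")
            for (k = 1; k <= n; k++)
                if (!(want[k] in seen)) {
                    printf "RISK %s: no entry found\n", want[k]
                    bad = 1
                }
            exit (bad ? 1 : 0)
        }
    ' "${1:--}"
}

# Constructed sample inputs.
SAFE_CONF='passwd: files ldap
group:  files ldap
shadow: files ldap'
RISKY_CONF='passwd: ldap
group:  ldap files
shadow: files ldap   # local first'

printf '%s\n' "$SAFE_CONF"  | check_nsswitch && echo "safe sample: ok to proceed"
printf '%s\n' "$RISKY_CONF" | check_nsswitch || echo "risky sample: fix before logging out"
```

Run it as `check_nsswitch /etc/nsswitch.conf` after editing the file and before closing the root session you made the change from.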


