lists scott-ackerman com wrote:
It sounds like you need to configure nss_ldap. Assuming you have nss_ldap installed on your client systems, you should be able to add "ldap" as a service for looking up users and groups in your /etc/nsswitch.conf file.I thought I was smart until I dove into LDAP. I am the sole part-time IT Manager for a charter school (240 students, 20 staff, 60 computers) and am migrating away from a Windows server environment to Linux. The only services that are being provided by a Windows server now are AD, file and print sharing services. Since we are turning about 15 of our student computers into Linux stations, I decided on a "simpler" method of managing authentication, login etc. and chose Fedora Directory Server (after having beat my head against the wall with strictly OpenLDAP for a month). I have successfully set up FDS and entered all students and staff. I have decided not to sync against our AD server because we are changing the student login method, the old format was locker number for user name and then a password. I have decided to use the first.last name for user name and then a password. I am trying to set up posix authentication and Samba and am having difficulties with both, technical on the former and understanding on the latter. First posix, I have followed the how to on the FDS Wiki, but there seems to be some steps missing. I have gotten an authenticated student logon, but only after having created an account on the local machine with the same UID. I made sure that the password was different in FDS than when I created the user on the local machine and I am able to login to using either password which would indicate to me that I am successfully authenticating to FDS. However I don't particularly care to have to add 240 students on all 15 computers to make this work, not to mention all of the "home" directories that will be mounted from the NFS server. So the questions is, what steps am I missing here?
Samba. As I understand it, Windows will only authenticate against an NT or "NT like (aka. Samba)" server, which means as far as I can tell that either I have Samba sync against FDS or I use pGina on the Windows side to authenticate directly against LDAP or scrap LDAP all together and just use an NIS server (don't think this is a good idea, but it is a possiblity). Of course trying to assess the pros and cons of either has been somewhat difficult at best. Also the FDS Samba how-to doesn't cover computer management which Samba is going to have to deal with as well. Before someone replies with a "RTFM", I have read the Install Guide as well as the Red Hat Directory Server documentation and I am currently half-way through the book "Understanding and Deploying LDAP Directory Services", so I have a reasonable understanding of how to get into trouble. Of course none of these provide in-depth (nor should they) information as to how to integrate with other services. I have spent a month reading, tinkering etc., and I am not asking anyone else to do my work for me, but I have seem to hit a wall and need a couple of "breadcrumbs" to get me back on the trail. Thank you for your patience and understanding.
Description: S/MIME Cryptographic Signature