Re: [Fedora-directory-users] Forgive the misunderstandings of a "newb"

lists scott-ackerman com wrote:
I thought I was smart until I dove into LDAP. I am the sole part-time IT
Manager for a charter school (240 students, 20 staff, 60 computers) and
am migrating away from a Windows server environment to Linux. The only
services that are being provided by a Windows server now are AD, file
and print sharing services. Since we are turning about 15 of our student
computers into Linux stations, I decided on a "simpler" method of
managing authentication, login etc. and chose Fedora Directory Server
(after having beat my head against the wall with strictly OpenLDAP for a
month). I have successfully set up FDS and entered all students and
staff. I have decided not to sync against our AD server because we are
changing the student login method, the old format was locker number for
user name and then a password. I have decided to use the first.last name
for user name and then a password.

I am trying to set up posix authentication and Samba and am having
difficulties with both, technical on the former and understanding on the
latter. First posix, I have followed the how-to on the FDS Wiki, but
there seem to be some steps missing. I have gotten an authenticated
student logon, but only after having created an account on the local
machine with the same UID. I made sure that the password was different
in FDS than when I created the user on the local machine and I am able
to log in using either password, which would indicate to me that I am
successfully authenticating to FDS. However I don't particularly care to
have to add 240 students on all 15 computers to make this work, not to
mention all of the "home" directories that will be mounted from the NFS
server. So the question is, what steps am I missing here?

It sounds like you need to configure nss_ldap. Assuming you have nss_ldap installed on your client systems, you should be able to add "ldap" as a service for looking up users and groups in your /etc/nsswitch.conf file.

Samba. As I understand it, Windows will only authenticate against an NT
or "NT like (aka. Samba)" server, which means as far as I can tell that
either I have Samba sync against FDS or I use pGina on the Windows side
to authenticate directly against LDAP or scrap LDAP altogether and
just use an NIS server (don't think this is a good idea, but it is a
possibility). Of course trying to assess the pros and cons of either has
been somewhat difficult at best. Also the FDS Samba how-to doesn't cover
computer management which Samba is going to have to deal with as well.

Before someone replies with a "RTFM", I have read the Install Guide as
well as the Red Hat Directory Server documentation and I am currently
half-way through the book "Understanding and Deploying LDAP Directory
Services", so I have a reasonable understanding of how to get into
trouble. Of course none of these provide in-depth (nor should they)
information as to how to integrate with other services. I have spent a
month reading, tinkering etc., and I am not asking anyone else to do my
work for me, but I seem to have hit a wall and need a couple of
"breadcrumbs" to get me back on the trail. Thank you for your patience
and understanding.
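
An added example, not part of the original thread: a shell check for the nsswitch.conf change suggested in the reply, reporting which of the passwd and group databases do not list "ldap" as a lookup service. The function names and both sample files are constructed for illustration; on a client the file to check would be /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example: report which account databases in an nsswitch.conf do not
# list "ldap" as a source. Both sample files are constructed for the demo.

# Print the sources configured for database $2 in file $1, one space apart.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                       # strip comments
        {
            i = index($0, ":"); if (i == 0) next
            name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
            if (name != db) next
            $0 = substr($0, i + 1); $1 = $1      # re-split, normalise spacing
            print; exit
        }' "$1"
}

# Succeed if "ldap" is one of the sources for database $2 in file $1.
nss_has_ldap() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the databases (of passwd and group) that lack an ldap source.
nss_missing_ldap() {
    missing=""
    for db in passwd group; do
        nss_has_ldap "$1" "$db" || missing="$missing $db"
    done
    echo "${missing# }"
}

demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
# Constructed "before": accounts resolve from local files only.
printf '%s\n' '# local only' 'passwd: files' 'group:  files' \
    'hosts:  files dns' > "$demo_dir/before.conf"
# Constructed "after": ldap added as a lookup service.
printf '%s\n' 'passwd: files ldap   # directory users' 'group:files ldap' \
    'hosts:  files dns' > "$demo_dir/after.conf"

echo "before: missing ldap for: $(nss_missing_ldap "$demo_dir/before.conf")"
echo "after:  missing ldap for: $(nss_missing_ldap "$demo_dir/after.conf")"
```

Once the file lists ldap, running `getent passwd` with a directory user name (first.last in the scheme described above) on the client shows whether the account resolves without a local entry.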

