[Fedora-directory-users] Forgive the misunderstandings of a "newb"

Nathan Kinder nkinder at redhat.com
Fri Feb 9 16:26:20 UTC 2007 

Scott Ackerman wrote:
> Thanks Nathan, but where did I miss that in the how-to?
>   
It appears to be missing from the how-to (some of the how-to's do make 
reference to nss_ldap being required though).
> Nathan Kinder wrote:
>   
>> lists at scott-ackerman.com wrote:
>>     
>>> I thought I was smart until I dove into LDAP. I am the sole part-time IT
>>> Manager for a charter school (240 students, 20 staff, 60 computers) and
>>> am migrating away from a Windows server environment to Linux. The only
>>> services that are being provided by a Windows server now are AD, file
>>> and print sharing services. Since we are turning about 15 of our student
>>> computers into Linux stations, I decided on a "simpler" method of
>>> managing authentication, login etc. and chose Fedora Directory Server
>>> (after having beat my head against the wall with strictly OpenLDAP for a
>>> month). I have successfully set up FDS and entered all students and
>>> staff. I have decided not to sync against our AD server because we are
>>> changing the student login method, the old format was locker number for
>>> user name and then a password. I have decided to use the first.last name
>>> for user name and then a password.
>>>
>>> I am trying to set up posix authentication and Samba and am having
>>> difficulties with both, technical on the former and understanding on the
>>> latter. First posix, I have followed the how to on the FDS Wiki, but
>>> there seems to be some steps missing. I have gotten an authenticated
>>> student logon, but only after having created an account on the local
>>> machine with the same UID. I made sure that the password was different
>>> in FDS than when I created the user on the local machine and I am able
>>> to login to using either password which would indicate to me that I am
>>> successfully authenticating to FDS. However I don't particularly care to
>>> have to add 240 students on all 15 computers to make this work, not to
>>> mention all of the "home" directories that will be mounted from the NFS
>>> server. So the questions is, what steps am I missing here?
>>>   
>>>       
>> It sounds like you need to configure nss_ldap.  Assuming you have
>> nss_ldap installed on your client systems, you should be able to add
>> "ldap" as a service for looking up users and groups in your
>> /etc/nsswitch.conf file.
>>
>> -NGK
>>     
>>> Samba. As I understand it, Windows will only authenticate against an NT
>>> or "NT like (aka. Samba)" server, which means as far as I can tell that
>>> either I have Samba sync against FDS or I use pGina on the Windows side
>>> to authenticate directly against LDAP or scrap LDAP all together and
>>> just use an NIS server (don't think this is a good idea, but it is a
>>> possiblity). Of course trying to assess the pros and cons of either has
>>> been somewhat difficult at best. Also the FDS Samba how-to doesn't cover
>>> computer management which Samba is going to have to deal with as well.
>>>
>>> Before someone replies with a "RTFM", I have read the Install Guide as
>>> well as the Red Hat Directory Server documentation and I am currently
>>> half-way through the book "Understanding and Deploying LDAP Directory
>>> Services", so I have a reasonable understanding of how to get into
>>> trouble. Of course none of these provide in-depth (nor should they)
>>> information as to how to integrate with other services. I have spent a
>>> month reading, tinkering etc., and I am not asking anyone else to do my
>>> work for me, but I have seem to hit a wall and need a couple of
>>> "breadcrumbs" to get me back on the trail. Thank you for your patience
>>> and understanding.
>>>
>>>   
>>>       
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>   
>>     
>
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070209/d31b65cc/attachment.bin>

More information about the Fedora-directory-users mailing list