[Fedora-directory-users] Forgive the misunderstandings of a "newb"

Keir Whitlock keir.whitlock at jobsite.co.uk
Fri Feb 9 17:07:25 UTC 2007 

System-config-authentication should have picked this up on newer
versions of redhat and fedora

 
 
 
 
_________________________________________ 
Keir Whitlock
Unix Systems Administrator
Unix Operations Team


T: +44 (0)870 7748500
F: +44 (0)870 7748501
E: keir.whitlock at jobsite.co.uk 
W: www.jobsite.co.uk 


Legally privileged/Confidential Information may be contained in this
message. If you are not the addressee(s) legally indicated in this
message (or responsible for delivery of the message to such person), you
may not copy or deliver this message to anyone. In such case, you should
destroy this message, and notify us immediately. If you or your employer
does not consent to Internet e-mail messages of this kind, please advise
us immediately. Opinions, conclusions and other information expressed in
this message are not given or endorsed by my firm or employer unless
otherwise indicated by an authorised representative independent of this
message. Please note that despite using the latest virus software,
neither my employer nor I accept any responsibility for viruses and it
is your responsibility to scan attachments (if any).


-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Nathan
Kinder
Sent: 09 February 2007 16:26
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Forgive the misunderstandings of a
"newb"

Scott Ackerman wrote:
> Thanks Nathan, but where did I miss that in the how-to?
>   
It appears to be missing from the how-to (some of the how-to's do make 
reference to nss_ldap being required though).
> Nathan Kinder wrote:
>   
>> lists at scott-ackerman.com wrote:
>>     
>>> I thought I was smart until I dove into LDAP. I am the sole
part-time IT
>>> Manager for a charter school (240 students, 20 staff, 60 computers)
and
>>> am migrating away from a Windows server environment to Linux. The
only
>>> services that are being provided by a Windows server now are AD,
file
>>> and print sharing services. Since we are turning about 15 of our
student
>>> computers into Linux stations, I decided on a "simpler" method of
>>> managing authentication, login etc. and chose Fedora Directory
Server
>>> (after having beat my head against the wall with strictly OpenLDAP
for a
>>> month). I have successfully set up FDS and entered all students and
>>> staff. I have decided not to sync against our AD server because we
are
>>> changing the student login method, the old format was locker number
for
>>> user name and then a password. I have decided to use the first.last
name
>>> for user name and then a password.
>>>
>>> I am trying to set up posix authentication and Samba and am having
>>> difficulties with both, technical on the former and understanding on
the
>>> latter. First posix, I have followed the how to on the FDS Wiki, but
>>> there seems to be some steps missing. I have gotten an authenticated
>>> student logon, but only after having created an account on the local
>>> machine with the same UID. I made sure that the password was
different
>>> in FDS than when I created the user on the local machine and I am
able
>>> to login to using either password which would indicate to me that I
am
>>> successfully authenticating to FDS. However I don't particularly
care to
>>> have to add 240 students on all 15 computers to make this work, not
to
>>> mention all of the "home" directories that will be mounted from the
NFS
>>> server. So the questions is, what steps am I missing here?
>>>   
>>>       
>> It sounds like you need to configure nss_ldap.  Assuming you have
>> nss_ldap installed on your client systems, you should be able to add
>> "ldap" as a service for looking up users and groups in your
>> /etc/nsswitch.conf file.
>>
>> -NGK
>>     
>>> Samba. As I understand it, Windows will only authenticate against an
NT
>>> or "NT like (aka. Samba)" server, which means as far as I can tell
that
>>> either I have Samba sync against FDS or I use pGina on the Windows
side
>>> to authenticate directly against LDAP or scrap LDAP all together and
>>> just use an NIS server (don't think this is a good idea, but it is a
>>> possiblity). Of course trying to assess the pros and cons of either
has
>>> been somewhat difficult at best. Also the FDS Samba how-to doesn't
cover
>>> computer management which Samba is going to have to deal with as
well.
>>>
>>> Before someone replies with a "RTFM", I have read the Install Guide
as
>>> well as the Red Hat Directory Server documentation and I am
currently
>>> half-way through the book "Understanding and Deploying LDAP
Directory
>>> Services", so I have a reasonable understanding of how to get into
>>> trouble. Of course none of these provide in-depth (nor should they)
>>> information as to how to integrate with other services. I have spent
a
>>> month reading, tinkering etc., and I am not asking anyone else to do
my
>>> work for me, but I have seem to hit a wall and need a couple of
>>> "breadcrumbs" to get me back on the trail. Thank you for your
patience
>>> and understanding.
>>>
>>>   
>>>       
>>
------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>   
>>     
>
>

More information about the Fedora-directory-users mailing list