[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] NFS mounting K12LTSP and LDAP....HELP!



On Sun, 1 Jun 2003, David Trask wrote:

>Hi folks!
>
>Ok, I've gotten my LDAP/Samba server up and running as a PDC with Windows
>roaming profiles and all....so...now to integrate it with K12LTSP and get
>some nice person to help write a mass user import script.

You did take notes on setting up the LDAP/Samba PDC and will be posting
them, right? ;-)  <hint, hint!>

>So....
>
>What I need is directions on how to integrate this with a K12LTSP server. 
>I want my LDAP server to be a seperate machine that authenticates my
>K12LTSP users and exports the home dirs to the K12LTSP server.  No users
>or actual user data will live on the K12LTSP server....it'll all be
>exported from the LDAP box.  I know it's somewhat possible as I tried the
>whole NFS export thing with the copying of
>groups/passwords/shadow...etc.....way back when.  I think it was Chris
>Hobbs who showed me how to do that.  Now I want to do it with LDAP.
>
>I need the how-to for all of it...even the NFS export and mount...as it
>was so long ago when I did it before I've forgotten most of it.  How do I
>set the K12LTSP box to authenticate to my LDAP box?  Do I use authconfig?  

LDAP
----

Authconfig can do most of the work.

If you have been playing around with my ldaphack scripts (I believe you
said you were in a an earlier post), the configureldap-client.sh will
do all the dirty work for you.

If you want to do it by hand, that is easy as well. You can run
authconfig, select LDAP, and fill in the LDAP base and server. 

My script does it by running authconfig with all of the parameters
defined. In the example below, replace LDAPBASE with your LDAP base
and LDAPSERVER with your LDAP server...

	authconfig --kickstart --enablecache --enableshadow  --enablemd5 --enableldap --enableldapauth --ldapserver LDAPSERVER --ldapbasedn LDAPBASE

then append the following lines to /etc/ldap.conf (again, substituting
your LDAP base for LDAPBASE)

	nss_base_passwd        ou=People,LDAPBASE?one
	nss_base_shadow        ou=People,LDAPBASE?one
	nss_base_group         ou=Group,LDAPBASE?one
	nss_base_hosts         ou=Hosts,LDAPBASE?one
	nss_base_services      ou=Services,LDAPBASE?one
	nss_base_networks      ou=Networks,LDAPBASE?one
	nss_base_protocols     ou=Protocols,LDAPBASE?one
	nss_base_rpc           ou=Rpc,LDAPBASE?one


That's it!


NFS
---

On your file server, add the following lines to /etc/exports

	/home	10.1.2.3/255.255.255.255(rw)

Replace "10.1.2.3" with the IP address of the "client" server. You can
spec a whole range of course, such as "10.0.0.0/255.0.0.0" for all of
the 10.x.x.x addresses.

Now run "exportfs -a".

Also double-check that you are not firewalling off access to NFS & portmap
(UDP ports 111 & 2049).


On the client side, add the following line to your /etc/fstab
(replacing "server" with the name of your server)

        server:/home /home nfs  defaults,rsize=8192,wsize=8192  0 0

Also double-check that you are not firewalling off access to NFS & portmap
(UDP ports 111 & 2049).

Now run "mount /home". cd to /home and verify that you see the same 
directories that are on the server.


>Second....
>
>I could use some help creating a mass (bulk) import user script for my
>LDAP/Samba set up.  I have two scripts that I use to create my
>users....they are:
>
>smbldap-useradd.pl    
>http://www.vcs.u52.k12.me.us/linux/smbldap-useradd.pl
>
>smbldap-passwd.pl      http://www.vcs.u52.k12.me.us/linux/smbldap-passwd.pl
>
>I've posted them for anyone who wants a look or they're also at
>www.idealx.org  in the Samba projects area under smbldap-tools.
>
>I'd like to be able to have the script use a text file similar to   
>username,First Name Last Name, password  (possibly group?)
>
>right now I use the following command  
>
>smbldap-useradd.pl -a -m -c "John Doe" jdoe
>
>That adds the user...and then I have to run the password script....
>
>smbldap-passwd.pl jdoe
>type new password:
>retype new password:
>
>It's the password prompt that throws me...otherwise I could simply do it
>all with a shell script....
>
>smbldap-passwd jsmith
>smbldap-passwd jdoe
>smbldap-passwd jjohnson
>smbldap-passwd msmith
>
>so forth and so on.....
>
>Can anyone help out?  I haven't a clue about perl scripts and I could
>really use the help.....fame and fortune could be yours...not to mention
>my gratitude and the gratitude of others who would use this.
>
>Thanks!  :-)

I'll try to whip up a useful bulk-add script this week. This is on my
summer TODO list for my schools...

-Eric




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]