[K12OSN] ltsp client authentication with separate k12ltsp and smb/ldap boxes
Steve Kossakoski
skossakoski at sau16.org
Wed Jan 12 21:18:22 UTC 2005
We got a Samba/LDAP server and a separate K12LTSP box up and running.
We ran 'authconfig' on the K12LTSP box, and we configured it to
authenticate to our Samba/LDAP server.
Our test user was "art".
We could log into a Windows client as "art".
We could ssh into the Samba/LDAP server as "art".
We could ssh into the K12LTSP server as "art".
We could log into a K12LTSP client as "root".
We COULD NOT log into a K12LTSP client as "art".
FYI, we did the NFS mount of /home, though of course that doesn't have
anything to do with authentication.
Just now, I set up an identical test network here at home and I got the
same results. I've poked around Google a bit but I haven't found
anything that helps with exactly this problem. (I've found some
how-tos on setting up LDAP clients in general but they primarily say
"run authconfig", and the extra steps they prescribe actually break ssh
access/authentication to the K12LTSP server, so THAT can't be
right.)
Does anyone here have any advice? It looks like everything is up and
running fine, except that the LTSP clients themselves aren't
authenticating to LDAP even though the K12LTSP server is.
If I create a regular Unix user on the K12LTSP server that user can log
into an LTSP client without a problem (and that's how root is able to
log into a k12ltsp client).
I don't yet have a clear understanding of how users of the LTSP clients
authenticate at all, so I'm sure that's contributing to my confusion.
It looks to me as if they authenticate using the UNIX passwd/shadow
file of the k12ltsp server, and I'm not sure how to point the LTSP
clients to the LDAP server instead. I tried messing with settings in
/opt/ltsp/i386/etc/nsswitch.conf, but it didn't seem to make any
difference...
(I copied /etc/nsswitch.conf to /opt/ltsp/i386/etc/ and rebooted a
client - but to no avail.)
My next thought was that I need an LDAP client installed in
/opt/ltsp/i386/ for the LTSP clients - but nobody else has mentioned
needing to do that, so there *must* be another answer...
We will appreciate any advice you can provide!
More information about the K12OSN
mailing list