
Re: [K12OSN] LDAP auth for non-existent accounts & best way to add a K12LTSP server to university network



Jay Pfaffman wrote:

I'm trying to set up a K12LTSP box for my university. I'd like to
authenticate against the university's LDAP (or AD) server for logins
and Samba. If I add a user, they can authenticate against ldap like I
want (SMB works for Mac clients, but not Windoze clients, go figure).
I don't know who my users will be and don't want to have to add them.
Is there some (easy) way to make it so that if they log in and the
account doesn't already exist it gets set up & stuff copied from
/etc/skel and so on?


Any ideas why Macs can mount Samba, but XP has a problem with
authenticating?  I read something about Samba trying blank passwords
first or something to try to solve some problem with AD or something,
but clearly, I didn't really understand it.

I'm trying hard to convince folks that the teachers we're training
need to be exposed to Linux and OSS in general.  I "won" and got a
pretty nice server.  I lost because it looks like I'm going to be
sysadmin, at least in the short term.  (I'm a Doctor of Philosophy,
Jim, not a sysadmin!  Sysadmins make more money, or did when I started
grad school.)  Worst case I can punt & let our admin install XP on it
and use it as a file server, but I'd rather not.

The other thing that I'll need to figure out is the best way to have
clients connect. I'm inclined to have folks use VNC. I don't control
the network, which makes DHCP and thin clients troublesome & I'm not
sure I trust letting random clients connect via NFS. Is there a
better solution than VNC? What about that NX thing?



I don't know about automatically making home directories when authenticating against the Craptive Directory, but I do know about XP clients authenticating against Samba. Yes, you do have to turn on encrypted passwords if you're using local authentication. This means that you're using something like smbpasswd or TDBSAM.


What I would do is make your Samba server a member server in the Craptive Directory. Then, your Samba server will check against the AD whenever your Windows XP clients want to access files. I did this all the time back in the Samba 2.2 days with Windows NT 4.0 domains; it worked quite well with both NT Workstation 4.0 and Win 2K.

As for thin clients, you might want to talk to your DHCP server administrator about adding the appropriate DHCP scope parameters for your thin clients. Then, you could simply do a single-NIC K12LTSP install, turn off dhcpd, and use your enterprise DHCP setup. This is how I typically do it. The thick clients will simply ignore the tftpboot and nfsmount stuff and act as they always have. Another option is to simply put the thin clients' network drops in a VLAN and put your K12LTSP server's eth0 NIC into that VLAN (I hope you're using Gig-E on eth0!). You would also turn off the built-in firewall so your Win XP clients can access the Samba server.

--TP
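
The two Samba setups the reply contrasts, written out as an added smb.conf sketch that is not part of the original message. The workgroup and realm values are placeholders, and the parameter names assume a Samba 3 era configuration.

```ini
# Constructed smb.conf [global] fragments; EXAMPLE and EXAMPLE.EDU are placeholders.
# smb.conf has no inline comments, so every note sits on its own line.

# Option A: local authentication. Accounts and password hashes live on the
# Samba box itself, so XP clients need encrypted passwords and a local
# password database (smbpasswd or tdbsam).
[global]
   security = user
   encrypt passwords = yes
   passdb backend = tdbsam

# Option B: member server. Samba hands password checks to the domain
# controllers, so no per-user password entries are kept locally.
# Use this [global] instead of Option A, not alongside it.
;[global]
;   workgroup = EXAMPLE
;   realm = EXAMPLE.EDU
;   security = ads
;   encrypt passwords = yes

# For an NT 4.0 style domain, drop "realm" and use this instead:
;   security = domain

# Either way, each user must still map to a Unix account on the server.
# With Option B the machine must be joined to the domain first
# (for example with "net ads join") before clients connect.
```

Running `testparm` after editing reports syntax errors before smbd is restarted.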

