[K12OSN] smbldap - adding ldap users to local groups

David Hopkins dahopkins429 at gmail.com
Sat Oct 20 13:09:49 UTC 2007


I have multiple distros. It is straightforward.  Set up your LDAP server
with all your users and groups. Then, have your other systems authenticate
against the system running LDAP.  You can use authconfig to specify the LDAP
server's IP address.  This is a very, very short intro, but you have a
central authentication server with LDAP and it is used to authenticate
everyone everywhere. No need for local accounts on each system. The
MS-centric corollary is the idea of a Domain and Domain Users in Active
Directory (which is just an LDAP database as well).




On 10/20/07, Rob Owens <rowens at ptd.net> wrote:
>
> On Fri, Oct 19, 2007 at 07:55:53PM -0400, Rob Owens wrote:
> > How can I add LDAP users to local system groups?  I am trying to move to
> > LDAP, but I'm a bit confused now...  I tried to add a new LDAP user to the
> > "fuse" group (which is a non-LDAP group) and I got the
> > message:  /usr/sbin/smbldap-usermod: group "fuse" doesn't exist
> >
> > Am I supposed to make an LDAP group for every one of my local system
> > groups?  This seems dangerous, because there's no guarantee that the "fuse"
> > group on one of my systems is treated the same as the "fuse" group on
> > another system.
> >
>
> Here's an example of what I'm concerned about.
>
> I compared /etc/group on a Debian Etch machine and an Ubuntu Feisty
> machine.  Here are some system group numbers that are different between the
> two machines.
>
> gid     Etch group      Feisty Group
> 101     crontab         dhcp
> 102     Debian-exim     syslog
> 103     ssh             klog
> 104     messagebus      ssl-cert
> 105     avahi           crontab
> 106     netdev          ssh
> 107     lpadmin         messagebus
> 108     haldaemon       avahi
> 109     powerdev        lpadmin
> 110     scanner         haldaemon
> 111     gdm             scanner
> 112     backuppc        slocate
> 113     ntp             gdm
> 114     openldap        admin
> 116     mythtv          avahi-autoipd
> 117     bind            netdev
> 118     winbindd_priv   nvram
>
> For gids from 0 to 100, the Etch and Feisty group names are identical.  My
> CentOS 5 system, however, has differences in the 0-100 range.  Additionally,
> the CentOS system has the all-important "fuse" group at gid 101, whereas the
> Etch and Feisty systems have "fuse" at gid 115.
>
> So if I want to have multiple distros on the same network, how do I
> properly tie them together with LDAP?
>