LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] system authentication using ldap

[ILUG] system authentication using ldap

bryan hunt bryan.hunt at ossidian.com
Thu Dec 19 16:11:05 GMT 2002 

I think I'm going to write a how to about this stuff because what 
documentation is out there sucks.

It takes a bit of time to get into the ldap mindset but this is basically how 
it works .

Get a samba rpm which has been compiled with ldap support ( or compile 2.7 
with the right flags )

Install openldap 

Follow the instructions in the samba project documentation for setting up a 
samba pdc using ldap authentication. 

Now you have to create a password entry for every user that you want 
in your domain . So if you are adding paul you have to do 
useradd paul.

Then you use the script  (  /usr/share/samba/scripts/smbldap-useradd.pl -a -u 
1300 -m -P paul ) that samba provides to set up a samba workstation account 
for the user, this is rather that using the usual smbpasswd to add them to 
the domain.

Now this is basically a duplication of effort so hence the interest in the 
nsswitch stuff. The problem ? with samba is that it needs a user account for 
each samba account which make sense I suppose. 

But if you do the stuff with the nsswitch.conf ( see the earlier email that I 
sent ) then you dont have to go to the trouble of creating system users 
because the smbldap-useradd.pl script creates all the posix stuff for you 
anyway.

I'm going to leave it at that for now, I'm going to have to write an internal 
setup document anyway so when I get it done I'll post to the list. 

If any of you want the configuration files that I've got for my test setup 
just mail me and I'll send them over to you.

The LDAP rocks !!!!!

--B




On Thursday 19 December 2002 14:02, Paul Reilly wrote:
> Hi Bryan,
>
> > address book, unix login, domain authentication for windoze
> > boxes .... hmmm what else can I add into i
>
> Interesting that you've got this setup with windows too.
> Is it transparent? Do you need to do any client side config
> on the windows boxes, or do they just see it as a PDC ?
> Are you using Samba with LDAP to do this?
> How many windows boxes do you have authenticating with it?
>
> nice one,
>
> Paul

-- 
Bryan Hunt
Systems Enginering Manager 
Ossidian Technologies  Ltd  
Blackrock
Co Dublin
IRELAND 

Tel +353-1-2787111 Fax +353-1-2787136

See us at :-

18-21 February 2003
Palais des Festivals
Cannes, France
Ireland Stand No: B22, Hall 1

IMPORTANT :- The contents of this email are confidential and may contain 
legally privileged information. If you are not a named addressee, please 
notify the sender. We take reasonable precautions using Sophos anti-virus 
software to ensure that all data generated by us has been checked for viruses 
and accept no responsibility in this regard

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell