-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mauro Condarelli wrote: >>========================== >>Date: Sat, 14 Jan 2006 11:31:53 -0500 >>From: Jay Zach <[EMAIL PROTECTED]> >>To: debian-user@lists.debian.org >>Subject: Re: Centralized user management: what is best? >>========================== >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>Mauro Condarelli wrote: >> >>>Hi, >>>I have a small (<8 hosts) lan with mixed Linux (debian) and > > >>I started small, just getting the LDAP database working. I then >>went on to >>figure out how to use PAM, nsswitch, et al, to auth my linux >>workstations to ldap. >> >>Finally I got my Samba server working as a Windows domain, and >>using LDAP. It >>was a long road, but worth it, and I now have much more knowledge >>of the subject. >> >>Contact me if you want my pertinent config files. > > Thanks. > Advise would be welcome. > Either in the form of Your current config files or, better, in the > form of a "roadmap", so I can avoid false starts and remain on track. > The sheer size of the pertinent manuals/howtos is discouraging. > > >>Good Luck :) > > I Know I'll need that! :) :) :) > > TiA > Mauro >
I pretty much already outlined my 'roadmap' as I would recommend it :) 1. Get LDAP directory implemented a) add a few people to it as test b) use it as an address book first ( I think this is easiest), get email clients to query it for addresses c) learn what you need to do to add a few user accounts to it, and do that (I recommend phpldap for this - I used the custom version in egroupware, mostly) 2. Get Linux to authenticate to the LDAP directory. a) I had a lot of trouble with this, be careful because it's easy to lock yourself out of your computer - have a knoppix handy b) this is done mostly with PAM, Nsswitch, pam_ldap, and probably others. It's hard to remember it exactly, b/c once I got it, it just worked, and all I've done since is copy those files from /etc/ to my other workstations 3. Get Samba working using LDAP directory as it's database, and get Windows Domain working. a) I think I had the most trouble with this one, mainly because I kept going at it too soon I think. Once I got it, it just went b) I think part of my troubles were that the smbldap package was key to getting this to work, and I couldn't get it to run, because of perl package dependencies. For some reason a perl module it needed to run wasn't a requirement of the smbldap package, so whenever I'd try to run smbldap-useradd, for example, I'd get a big long perl error. Finally, after studying the error for long enough, I figured out what perl module it needed, and installed the debian package for it. After that, things went smooth. I'm still working through a couple little niggly issues, but for the most part that did it. - -- - -------------------------------------------------------------------------------- Chicken Soup: An ancient miracle drug containing equal parts of aureomycin, cocaine, interferon, and TLC. The only ailment chicken soup can't cure is neurotic dependence on one's mother. -- Arthur Naiman, "Every Goy's Guide to Yiddish" Monday Jan 16, 2006 - -------------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQ8vDg63rZxntQpytAQLTZwgAoTJsrMyj2mbPW//eD/iDahThvRGiUu/+ W4jxORozivDOKKMw6tmgysPRTQO7QxUyQWckBI6uMudD3h+T6WjeY8aG+t3GMQlA uzXJiHmosZZf6ZfgX/d24qI+Dx9Lnkndlg9p+GMZyZvftatOW7BvW5Gf5oykiLSR lVVg3GGt6bbmV/Dk5rUm++flFYUYybrv2ZVqZWIBSh4F+pJnsacV3y6nFilGzmH6 mZ0q9ZUqg4ERMfTFa4as0lb2pyrtuxGIudlh7M3DLHOJKDcxRFAFGqHMizbn2Wsg iUL17uLzCqEQb3WxlIV9KfDqc8U2zA1DtCKYHOqfMCTWxRaYgNMcQw== =GL4S -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]