-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mauro Condarelli wrote:
>>==========================
>>Date: Sat, 14 Jan 2006 11:31:53 -0500
>>From: Jay Zach <[EMAIL PROTECTED]>
>>To: debian-user@lists.debian.org
>>Subject: Re: Centralized user management: what is best?
>>==========================
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Mauro Condarelli wrote:
>>
>>>Hi,
>>>I have a small (<8 hosts) lan with mixed Linux (debian) and 
> 
> 
>>I started small, just getting the LDAP database working.  I then 
>>went on to
>>figure out how to use PAM, nsswitch, et al, to auth my linux 
>>workstations to ldap.
>>
>>Finally I got my Samba server working as a Windows domain, and 
>>using LDAP.  It
>>was a long road, but worth it, and I now have much more knowledge 
>>of the subject.
>>
>>Contact me if you want my pertinent config files.
> 
> Thanks.
> Advise would be welcome.
> Either in the form of Your current config files or, better, in the 
> form of a "roadmap", so I can avoid false starts and remain on track.
> The sheer size of the pertinent manuals/howtos is discouraging.
> 
> 
>>Good Luck :)
> 
> I Know I'll need that! :) :) :)
> 
> TiA
> Mauro
> 


I pretty much already outlined my 'roadmap' as I would recommend it :)

1. Get LDAP directory implemented
        a) add a few people to it as test
        b) use it as an address book first ( I think this is easiest), get email
clients to query it for addresses
        c) learn what you need to do to add a few user accounts to it, and do 
that (I
recommend phpldap for this - I used the custom version                  in 
egroupware, mostly)
2. Get Linux to authenticate to the LDAP directory.
        a) I had a lot of trouble with this, be careful because it's easy to 
lock
yourself out of your computer - have a knoppix handy
        b) this is done mostly with PAM, Nsswitch, pam_ldap, and probably 
others.  It's
hard to remember it exactly, b/c once I got it, it just         
                worked, and all I've done since is copy those files from /etc/ 
to my other
workstations

3. Get Samba working using LDAP directory as it's database, and get Windows
Domain working.
        a) I think I had the most trouble with this one, mainly because I kept 
going at
it too soon I think.  Once I got it, it just went
        b) I think part of my troubles were that the smbldap package was key to 
getting
this to work, and I couldn't get it to run, because of  
        perl package dependencies.  For some reason a perl module it needed to 
run
wasn't  a requirement of the smbldap package, so
        whenever I'd try to run smbldap-useradd, for example, I'd get a big 
long perl
error.  Finally, after studying the error for long enough,
        I figured out what perl module it needed, and installed the debian 
package for
it.  After that, things went smooth.  I'm still working         
        through a couple little niggly issues, but for the most part that did 
it.
- --
- 
--------------------------------------------------------------------------------

Chicken Soup:
        An ancient miracle drug containing equal parts of aureomycin,
        cocaine, interferon, and TLC.  The only ailment chicken soup
        can't cure is neurotic dependence on one's mother.
                -- Arthur Naiman, "Every Goy's Guide to Yiddish"

Monday Jan 16, 2006

- 
--------------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQ8vDg63rZxntQpytAQLTZwgAoTJsrMyj2mbPW//eD/iDahThvRGiUu/+
W4jxORozivDOKKMw6tmgysPRTQO7QxUyQWckBI6uMudD3h+T6WjeY8aG+t3GMQlA
uzXJiHmosZZf6ZfgX/d24qI+Dx9Lnkndlg9p+GMZyZvftatOW7BvW5Gf5oykiLSR
lVVg3GGt6bbmV/Dk5rUm++flFYUYybrv2ZVqZWIBSh4F+pJnsacV3y6nFilGzmH6
mZ0q9ZUqg4ERMfTFa4as0lb2pyrtuxGIudlh7M3DLHOJKDcxRFAFGqHMizbn2Wsg
iUL17uLzCqEQb3WxlIV9KfDqc8U2zA1DtCKYHOqfMCTWxRaYgNMcQw==
=GL4S
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to