Thanks Luke for further details... On Wed, Sep 15, 2010 at 12:22 PM, theluketaylor <[email protected]>wrote:
> David, > > Hopefully my answers shed some more light > The flashlight continues to shine into corners... > > > or just have a root terminal open on the test server. Either way > works. If you mess up your PAM config in certain ways you won't be > able to create new sessions (which also means sudo is out) but > existing sessions will work.; You'll be logging in and out to test > the config so you need to be sure you have a lifeline in case > something goes wrong. Also don't reboot the server until you're sure > you can login correctly. > I kind of get this but not sure of details--So I call the session with something like Control-Alt-F2? And it's always in the background as long as I don't reboot the computer? > While I just use AD to manage memberships it is possible to add AD > users to local unix groups. Having never had to do it myself I can`t > speak to how easy it would be but I`m not sure you`d be able to use > the graphical user and groups gnome tool. I do know the command line > addgroup scripts work fine though > I think I'll open a new thread up for this question--it is key. > > > > Does this affect how I setup squid proxy? > > Depends on if you use transparent or authenticated mode. We have a > school-wide authenticated squid proxy. I have added a global setting > to firefox on our edubuntu server (found in /etc/firefox-3.6/default > or something like that) to define the proxy server settings so when > users open firefox the first time the setting is automatically added. > If you use transparent mode you shouldn't have to do anything > I'd like to use authenticated as it leaves an accountability trail for users--Glad this works. > > > How would this system relate to using Sabayon to managing users gconf > > preferences? > Integrating AD into PAM means as far as applications are concerned AD > users are local unix users. So you can use sabayon just as before, > you can even have it use AD groups to choose what settings to apply. > I have one profile for an AD group called students_g and one for > teachers_g but you could go as fine-grained as you like. > This is why I need groups on my computer--the district doesn't have fine-grain grouping. I'll dive in to this after I've cleared up about local user accounts. David
-- edubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
