* jonty g...@jonmail.co.uk [Sun Jan 02, 2011 at 03:01:23PM +]:
I have been using grml for the last couple of months. I am building a
network of about 20 machines, all running grml, and I want them to share
a single set of login names and passwords.
Nice! :)
So I decided to configure OpenLDAP as a service on one machine and
configure the other machines to find login+password from this
service.
I am following the instructions set out at:
http://wiki.debian.org/LDAP/NSS
http://www.debian-administration.org/article/585/OpenLDAP_installation_on_Debian
They suggest I use libnss-ldap. But this package seems to be missing
from my copy of grml 2010.04. I have also checked the package list
for 2010.12 and that does not contain libnss-ldap.
This seems a strange omission from grml. It contains slapd to run the
service and several clients such as freeradius-ldap, libnet-ldap-perl,
postfix-ldap, and smbldap-tools. So why not libnss-ldap?
libnss-ldap requires pre-configuration to be useful and no shipped
package has a hard dependency on it, that's why it's not shipped by
default.
I could install libnss-ldap on each client machine. But then I have to
repeat those same steps on 20 machines, which makes it 20 times more
likely I will make a mistake somewhere.
I tried apt-get install libnss-ldap on a test machine. This started
updating libc-bin and installing locales, which seemed a good way of
breaking the distro. Can anyone suggest a better approach? Should I
remaster the CD? Is there some gmrl magic I am missing? Is there a
different tool for login+password that is not ldap?
Just grab Grml 2010.12 (current stable release) and run apt-get
install libnss-ldap there, no major updates (like libc) should be
necessary then.
If you want to have libnss-ldap persistent you can either use
http://wiki.grml.org/doku.php?id=persistency (not that great for 20
machines probably though), the debs=... bootoption to install it
during bootup (see http://grml.org/cheatcodes/), remaster it using
grml-live (see http://grml.org/grml-live/) or if PXE booting is an
option provide the adjusted grml_chroot (either from grml-live or
based on the official ones from
http://debian.netcologne.de/www.grml.org/release-chroots/) through
PXE.
regards,
-mika-
signature.asc
Description: Digital signature
___
Grml mailing list - Grml@mur.at
http://lists.mur.at/mailman/listinfo/grml
join #grml on irc.freenode.org
grml-devel-blog: http://grml.supersized.org/