Re: Centralized DB of system users
Matthew Seaman(m.sea...@infracaninophile.co.uk)@2008.12.13 22:30:43 +: Sure LDAP is complicated, but it's of the same order of complexity as a RDBMS system like MySQL. And like MySQL, there are right times, places and ways to use it, and wrong ones too. Yes, there is a lot of complexity, but that means there's a lot of flexibility too. Cheers, Matthew I can't disagree more. LDAP is way simpler than any SQL database, even SQLite. That said because people are not familiar/don't grok the simplicity of LDAP, they decide to use SQL databases (partly because everyone else does). Now that we have had LDAP for so many years, insisting on using SQL for authentication/authorization and directory services is just not wise. This is similar to using Apache/PHP/MySQL by default when other, simpler/better options are available. Everyone else does LAMP, so will I. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Centralized DB of system users
Dan wrote: Matthew Seaman(m.sea...@infracaninophile.co.uk)@2008.12.13 22:30:43 +: Sure LDAP is complicated, but it's of the same order of complexity as a RDBMS system like MySQL. And like MySQL, there are right times, places and ways to use it, and wrong ones too. Yes, there is a lot of complexity, but that means there's a lot of flexibility too. Cheers, Matthew I can't disagree more. LDAP is way simpler than any SQL database, even SQLite. That said because people are not familiar/don't grok the simplicity of LDAP, they decide to use SQL databases (partly because everyone else does). For the persistent ones: you can have openldap with a mysql backend :-) I agree completely. Peter -- http://www.boosten.org
Re: Centralized DB of system users
Peter Boosten wrote: Dan wrote: I can't disagree more. LDAP is way simpler than any SQL database, even SQLite. That said because people are not familiar/don't grok the simplicity of LDAP, they decide to use SQL databases (partly because everyone else does). For the persistent ones: you can have openldap with a mysql backend :-) I agree completely. ... with Dan's comment. Peter -- http://www.boosten.org
Re: Centralized DB of system users
On Tue, Dec 16, 2008 at 8:59 PM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: LDAP is the way to go. the right tool for the task is the way to go. 100% agree. generally speaking now. a great day, v
Re: Centralized DB of system users
LDAP is the way to go.
Re: Centralized DB of system users
LDAP is the way to go. the right tool for the task is the way to go.
Re: Centralized DB of system users
On Fri, 2008-12-12 at 09:48 +0200, Valentin Bud wrote: Hello list, I don't know if the Subject says what i really want to achieve but i do hope that i will make myself understood. I work for a school and i want to install in 2 labs on very low performance computers (1 Ghz CPU, 126 Mb RAM) some linux distro (zen walk). I *need* to install linux because there are some programs that need to run on those stations and guess what, they only work on linux. There are different students that use those computers and they change frequently. So i thought to make a server, using FreeBSD (of course), that has a database of users so the linux machines don't have local users but they query the DB to get login credentials and such. I don't really know what to look for. So any suggestion and hints to how can i achieve this are welcomed. Perhaps what you are looking for is NIS, or better still LDAP? For greater security try kerberos. NIS should be documented in the handbook, lookup OpenLDAP in ports and follow the links or google Good luck!
Re: Centralized DB of system users
On Sat, 2008-12-13 at 10:08 +0100, Michel Talon wrote: Lowell Gilbert wrote: NIS, which stands for Network Information Services, was developed by Sun Microsystems to centralize administration of UNIX (originally SunOS) systems. It has now essentially become an industry standard; all major UNIX like systems (Solaris, HP-UX, AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS. I work i am in a mostly Linux shop managed by NIS. However my machines are under FreeBSD and i have no problem getting the NIS info. The only gotcha is that, under Linux you have 2 files for passwds /etc/passwd and /etc/shadow, while under FreeBSD you have just one /etc/master.passwd. So you need to run NIS in compatibility mode on the Linux server, so that passwd and shadow are concatenated. Securitywise it is the same since in any case the shadow information flows on the wire, ready to be captured by a scanner. The main problem with NIS, in my opinion, is that, when the NIS server(s) are down (it always occurs once or twice a year here), all the clients are completely frozen immediately, so if you want high availability, better copy the passwd files on each client directly and not use a network server like that. Our previous sysadm had written a couple of replication scripts which worked very well this way. The present one reverted to NIS with this small inconvenience. Replication requires that you only modify passwd files on the server, like with NIS, and then, as soon as a modification is detected, files are propagated on all clients. This is extremely easy to achieve, and *much* more efficient, networkwise than using a thing like NIS or LDAP, where each client is constantly polling the server to get information about home directories, tilde expansions, etc. Wouldn't kerberos be a better alternative? One server (maybe a replicated backup), and all services authenticate with that. Saves shadow on the wire...
Re: Centralized DB of system users
Wouldn't kerberos be a better alternative? One server (maybe a replicated backup), and all services authenticate with that. Saves shadow on the wire... I think the ultimate question is going to be at what level of pain does the person wish to suffer to achieve his goals there are numerous ways to do it, though some can be painful, if not experienced. I struggle to get my brain around an environment with multiple OSes in it, where i would lean towards the LDAP method, though you raise a valid point where kerberos could fit nicely, though I'm not sure we are aware of the long term goals or the project where one might be adding in other types of Operating Systems. Then we have the discussion of interoperability. If it stays as in his game plan and doesn't encounter scope creep (not like it doesn't happen) at some time, he might wish to choose the best overall design to implement, again my vote would be LDAP. it is the most globally scalable, relocatable and interoperable once it's deployed allowing for future growth without a serious amount of pain.
Re: Centralized DB of system users
On Sun, 2008-12-14 at 17:59 +0700, Outback Dingo wrote: Wouldn't kerberos be a better alternative? One server (maybe a replicated backup), and all services authenticate with that. Saves shadow on the wire... I think the ultimate question is going to be at what level of pain does the person wish to suffer to achieve his goals there are numerous ways to do it, though some can be painful, if not experienced. I struggle to get my brain around an environment with multiple OSes in it, where i would lean towards the LDAP method, though you raise a valid point where kerberos could fit nicely, though I'm not sure we are aware of the long term goals or the project where one might be adding in other types of Operating Systems. Then we have the discussion of interoperability. If it stays as in his game plan and doesn't encounter scope creep (not like it doesn't happen) at some time, he might wish to choose the best overall design to implement, again my vote would be LDAP. it is the most globally scalable, relocatable and interoperable once it's deployed allowing for future growth without a serious amount of pain. Actually kerberos is quite widely supported in one form or other and is mostly interoperable (from my understanding anyway), and it's surprisingly easy to implement - easier than ldap in my opinion. Even M$ crap uses it (different implementation, but basically the same). Plus the security it offers is by far worth the pain that could be caused. You mainly have to concentrate attention on the kdc access, as all auth runs off it, instead of every service on the network.
Re: Centralized DB of system users
Lowell Gilbert wrote: NIS, which stands for Network Information Services, was developed by Sun Microsystems to centralize administration of UNIX (originally SunOS) systems. It has now essentially become an industry standard; all major UNIX like systems (Solaris, HP-UX, AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS. I work i am in a mostly Linux shop managed by NIS. However my machines are under FreeBSD and i have no problem getting the NIS info. The only gotcha is that, under Linux you have 2 files for passwds /etc/passwd and /etc/shadow, while under FreeBSD you have just one /etc/master.passwd. So you need to run NIS in compatibility mode on the Linux server, so that passwd and shadow are concatenated. Securitywise it is the same since in any case the shadow information flows on the wire, ready to be captured by a scanner. The main problem with NIS, in my opinion, is that, when the NIS server(s) are down (it always occurs once or twice a year here), all the clients are completely frozen immediately, so if you want high availability, better copy the passwd files on each client directly and not use a network server like that. Our previous sysadm had written a couple of replication scripts which worked very well this way. The present one reverted to NIS with this small inconvenience. Replication requires that you only modify passwd files on the server, like with NIS, and then, as soon as a modification is detected, files are propagated on all clients. This is extremely easy to achieve, and *much* more efficient, networkwise than using a thing like NIS or LDAP, where each client is constantly polling the server to get information about home directories, tilde expansions, etc. -- Michel TALON
Re: Centralized DB of system users
Michel Talon wrote: Lowell Gilbert wrote: NIS, which stands for Network Information Services, was developed by Sun Microsystems to centralize administration of UNIX (originally SunOS) systems. It has now essentially become an industry standard; all major UNIX like systems (Solaris, HP-UX, AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS. I work i am in a mostly Linux shop managed by NIS. However my machines are under FreeBSD and i have no problem getting the NIS info. The only gotcha is that, under Linux you have 2 files for passwds /etc/passwd and /etc/shadow, while under FreeBSD you have just one /etc/master.passwd. So you need to run NIS in compatibility mode on the Linux server, so that passwd and shadow are concatenated. Securitywise it is the same since in any case the shadow information flows on the wire, ready to be captured by a scanner. Yes, but running the NIS server in UNSECURE=true mode also allows local users on NIS workstations to access the password hashes. It is essentially the same as running a local machine with world read access to master.passwd. Your only defense then would be very strong passwords that would not be breakable by something like i.e. jack the ripper. I bet most people would prefer not to rely on this...
Re: Centralized DB of system users
Valentin Bud wrote: There are different students that use those computers and they change frequently. So i thought to make a server, using FreeBSD (of course), that has a database of users so the linux machines don't have local users but they query the DB to get login credentials and such. I don't really know what to look for. So any suggestion and hints to how can i achieve this are welcomed. Try using Kerberos v5, everything you need resides in world and there is a good article in handbook on getting it working. This would be much more secure than NIS. Kerberos works as the authentication provider. You still should use some authorization provider or make users on all machines by hand. Authorization providers could be: 1. Hesiod. Designed together with Kerberos it's currently slightly broken in our tree. 2. NIS. Just make sure you don't supply password hashes. It's good enough yet a bit outdated in my thoughts. -- Sphinx of black quartz judge my vow.
Re: Centralized DB of system users
Hello list, Thanks everybody for comments, things are starting to become more clear now. I have to do the reading regarding all the recom i have received from all of you which will take me some time because this project is in my spare time which is close to nonexistent. I'll come back with feedback as soon as i decide which solution to use. a great day, v
Re: Centralized DB of system users
Nguyen Tam Chinh wrote: On Fri, Dec 12, 2008 at 9:47 PM, Ivan Voras ivo...@freebsd.org wrote: Valentin Bud wrote: If you only have UNIX systems in LAN. But in my case i have Linux + FreeBSD (server). From the handbook NIS only works between FBSDs. Am i missing something? You are correct. Hmm, I have NIS server on an old Solaris 8 and all clients are Linux (I can't use FBSD at work due so far). So it sounds strange if NIS works only between FBSDs, something not standard in the implementation? Anyway, I also vote for the LDAP. Later on when you need to introduce new services, LDAP will integrate better. NIS is very specific for *nix world. The problem with NIS between Linux and FreeBSD is the format of the password database. FreeBSD uses /etc/master.passwd -- which contains everything that's in the standard /etc/passwd file and adds the password hashes and several extra columns to do with password expiry and login groups. Linux, and other SysV-alike systems like Solaris have /etc/passwd -- same as on FreeBSD -- and /etc/shadow: a separate file with password hashes and various controls for password expiry. The formats of /etc/master.passwd and /etc/shadow are incompatible, although (assuming the password hashes are compatible) it should be a fairly small matter of programming to write scripts to convert between the two. In the case where you have a FreeBSD NIS server and Linux clients, it is perfectly feasible to have the FreeBSD box serve a Linux-style /etc/shadow database via NIS. This means users can log in on Linux machines, and I think it's also not too difficult to make changing passwords over NIS work (although ICBW), but the client users will not automatically be able to log into the central (FreeBSD) NIS server. Some might view this as a /feature/. Of course, as has been pointed out else-thread, LDAP is the way of the future. 
It's much more scalable and interoperable between different OSes than NIS, provides huge amounts of extra functionality and it supports things like geographically distributed sites all sharing the same password database but with local users managed from local servers. (LDAP is a hierarchical database much like the DNS. As with the DNS, sub-domains in the LDAP tree can be delegated off to different servers. Although that's pretty advanced usage). Even a basic setup does require a much steeper learning curve to get it going from scratch than most of the alternatives. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
Re: Centralized DB of system users
Of course, as has been pointed out else-thread, LDAP is the way of the future. It's much more scalable and interoperable between different OSes and much more overcomplex, mostly unneeded complexity IMHO. Please think twice before telling about the way of the future. It's just one way, and i wish in the future i will still have a choice between many different tools and solutions, and be able to choose THE SIMPLEST for the problem, as i always do. As i didn't use NIS for some time and never in FreeBSD i can't tell more about this, but at first look problem of database format is trivial, as master.passwd could be converted to 2-file format with a few lines of shell script, and it could be done periodically to make them up to date. Sorry if i missed something because it was some time ago. I just don't like overcomplex tools for simple tasks.
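The master.passwd to passwd/shadow conversion discussed in the two messages above, together with the "don't supply password hashes" check raised earlier in the thread, as an added example that is not part of the original thread. The function names and sample accounts are constructed for illustration; locking empty-password accounts and leaving the shadow aging fields blank are choices of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
#
# FreeBSD master.passwd (10 fields):
#   name:password:uid:gid:class:change:expire:gecos:home:shell
# Linux passwd (7 fields):
#   name:x:uid:gid:gecos:home:shell
# Linux shadow (9 fields):
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Assumes the hash scheme is one both systems' crypt(3) understand.

# Constructed sample input; the hash is a made-up string, not a real one.
SAMPLE_MASTER='# constructed sample accounts
alice:$1$CONSTRUCT$notARealHashValue000000:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
bob:*:1002:1002::0:1262304000:Bob Example:/home/bob:/bin/sh
carol::1003:1003::0:0:Carol Example:/home/carol:/bin/sh
broken:line:with:too:few:fields'

# stdin: master.passwd records; stdout: world-readable passwd records.
# The password field is always replaced by "x", so no hash can leak here.
mp_to_passwd() {
    awk -F: -v OFS=: '
        /^#/ || NF == 0 { next }
        NF != 10 {
            # Malformed record: report it on stderr and do not emit it.
            printf "skipped line %d: %d fields, expected 10\n", NR, NF | "cat 1>&2"
            next
        }
        { print $1, "x", $3, $4, $8, $9, $10 }
    '
}

# stdin: master.passwd records; stdout: shadow records.
mp_to_shadow() {
    awk -F: -v OFS=: '
        /^#/ || NF != 10 { next }
        {
            # An empty password field means "no password needed"; this
            # example locks such accounts instead of propagating them.
            hash = ($2 == "") ? "*" : $2
            # master.passwd stores expiry in seconds since the epoch,
            # shadow in days; 0 means the account never expires.
            expday = ($7 + 0 > 0) ? int($7 / 86400) : ""
            # "change" is a deadline, not the date of the last change, so
            # lastchg/min/max/warn/inactive are left empty.
            print $1, hash, "", "", "", "", "", expday, ""
        }
    '
}

# stdin: passwd-format records as clients see them (for a NIS setup, the
# output of "ypcat passwd"); stdout: names whose password field holds
# something other than a placeholder, i.e. a hash any local user can read.
passwd_hash_leaks() {
    awk -F: '
        /^#/ || NF < 2 { next }
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print $1 }
    '
}

# $1 = path to master.passwd, $2 = output directory.
# The shadow file is created under umask 077 so only its owner can read it.
split_master() {
    mp_to_passwd < "$1" > "$2/passwd"
    ( umask 077; mp_to_shadow < "$1" > "$2/shadow" )
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_MASTER" | mp_to_passwd
printf '%s\n' "$SAMPLE_MASTER" | mp_to_shadow
```

Running `passwd_hash_leaks` against what an unprivileged user on a client can list should print nothing; any name it prints is an account whose hash is exposed for offline cracking.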
Re: Centralized DB of system users
Wojciech Puchar wrote: Of course, as has been pointed out else-thread, LDAP is the way of the future. It's much more scalable and interoperable between different OSes and much more overcomplex, mostly unneeded complexity IMHO. Please think twice before telling about the way of the future. It's just one way, and i wish in the future i will still have a choice between many different tools and solutions, and be able to choose THE SIMPLEST for the problem, as i always do. As i didn't use NIS for some time and never in FreeBSD i can't tell more about this, but at first look problem of database format is trivial, as master.passwd could be converted to 2-file format with a few lines of shell script, and it could be done periodically to make them up to date. Sorry if i missed something because it was some time ago. I just don't like overcomplex tools for simple tasks. Funnily enough, I am actually in complete agreement with you. When I said The Way of the Future -- that should be read with a certain degree of irony. No one is going to remove the simpler ways of doing this stuff any time soon, because the simple way is the right way for the vast majority of cases. Almost all of the systems I have any administrative oversight of just use local password databases and SSH keys for authentication. I do have a few instances where we use an LDAP back-end to provide an authentication database for various web sites or other applications. Here the primary benefit is actually being able to build a distributed user DB *without* having to give everybody local unix accounts. The benefits outweigh the extra complexity involved. Sure LDAP is complicated, but it's of the same order of complexity as a RDBMS system like MySQL. And like MySQL, there are right times, places and ways to use it, and wrong ones too. Yes, there is a lot of complexity, but that means there's a lot of flexibility too. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
Re: Centralized DB of system users
Funnily enough, I am actually in complete agreement with you. When I said The Way of the Future -- that should be read with a certain degree of irony. No one is going to remove the simpler ways of doing this stuff any time soon, because the simple way is the right way for the vast majority well i told this because removing simple tools was quite common in many systems just because. Good example is removing rsh/rshd/telnet/telnetd from most linux distros because they are insecure. period. :)
Re: Centralized DB of system users
Valentin Bud wrote: Hello list, I don't know if the Subject says what i really want to achieve but i do hope that i will make myself understood. I work for a school and i want to install in 2 labs on very low performance computers (1 Ghz CPU, 126 Mb RAM) some linux distro (zen walk). I *need* to install linux because there are some programs that need to run on those stations and guess what, they only work on linux. There are different students that use those computers and they change frequently. So i thought to make a server, using FreeBSD (of course), that has a database of users so the linux machines don't have local users but they query the DB to get login credentials and such. I don't really know what to look for. So any suggestion and hints to how can i achieve this are welcomed. thank you and a great day, v What you are looking for is called NIS: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html However note it is not (unfortunately) interoperable between FreeBSD and Linux, although there is a setting (UNSECURE=true in /var/yp/Makefile of the NIS server) that works around this, albeit it lowers security. There are other solutions too (LDAP?) but NIS would be the easiest to setup.
Re: Centralized DB of system users
I agree - NIS is easiest to setup, but LDAP is the right solution in this case (though it's very complicated to set up, especially the first why it is right solution?
Re: Centralized DB of system users
Ivan Voras wrote: Manolis Kiagias wrote: don't have local users but they query the DB to get login credentials and such. I don't really know what to look for. So any suggestion and hints to how can i achieve this are welcomed. thank you and a great day, v What you are looking for is called NIS: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html However note it is not (unfortunately) interoperable between FreeBSD and Linux, although there is a setting (UNSECURE=true in /var/yp/Makefile of the NIS server) that works around this, albeit it lowers security. There are other solutions too (LDAP?) but NIS would be the easiest to setup. I agree - NIS is easiest to setup, but LDAP is the right solution in this case (though it's very complicated to set up, especially the first time). One alternative to those is samba - there is pam_smb in the ports, but there's no nss_smb but that's somewhat weird to use in a unix-like environment :) I just found about http://pam-mysql.sourceforge.net/ In ports as security/pam-mysql and the NSS in net/libnss-mysql . I didn't try it.
Re: Centralized DB of system users
Manolis Kiagias wrote: don't have local users but they query the DB to get login credentials and such. I don't really know what to look for. So any suggestion and hints to how can i achieve this are welcomed. thank you and a great day, v What you are looking for is called NIS: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html However note it is not (unfortunately) interoperable between FreeBSD and Linux, although there is a setting (UNSECURE=true in /var/yp/Makefile of the NIS server) that works around this, albeit it lowers security. There are other solutions too (LDAP?) but NIS would be the easiest to setup. I agree - NIS is easiest to setup, but LDAP is the right solution in this case (though it's very complicated to set up, especially the first time). One alternative to those is samba - there is pam_smb in the ports, but there's no nss_smb but that's somewhat weird to use in a unix-like environment :)
Re: Centralized DB of system users
Hello list, Thank you everyone for your input. I now know what to look for. Gave it a read at NIS in the handbook but as you guys said it's FBSD only so because of the interoperability i think i will go with LDAP. I'll just have to check if (i suppose it does) that particular linux distro is ok with using LDAP. thanks once again and a great day, v On Fri, Dec 12, 2008 at 2:26 PM, Ivan Voras ivo...@freebsd.org wrote: 2008/12/12 Wojciech Puchar woj...@wojtek.tensor.gdynia.pl: I agree - NIS is easiest to setup, but LDAP is the right solution in this case (though it's very complicated to set up, especially the first why it is right solution? Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X. Besides, it scales well and has a large number of supporting utilities.
Re: Centralized DB of system users
On Fri, 2008-12-12 at 13:26 +0100, Ivan Voras wrote: 2008/12/12 Wojciech Puchar woj...@wojtek.tensor.gdynia.pl: I agree - NIS is easiest to setup, but LDAP is the right solution in this case (though it's very complicated to set up, especially the first why it is right solution? Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X. Besides, it scales well and has a large number of supporting utilities. Off-topic, but do you know any good tool other than gq/phpldapadmin to manage/browse/... an LDAP server ? At the moment I've my own set of LDIF files that I use with ldap[add|delete|modify], but it's not very flexible .. A ncurses tool would be perfect. -- Julien Cigar Belgian Biodiversity Platform http://www.biodiversity.be Université Libre de Bruxelles (ULB) Campus de la Plaine CP 257 Bâtiment NO, Bureau 4 N4 115C (Niveau 4) Boulevard du Triomphe, entrée ULB 2 B-1050 Bruxelles Mail: jci...@ulb.ac.be @biobel: http://biobel.biodiversity.be/person/show/471 Tel : 02 650 57 52
Re: Centralized DB of system users
2008/12/12 Wojciech Puchar woj...@wojtek.tensor.gdynia.pl: I agree - NIS is easiest to setup, but LDAP is the right solution in this case (though it's very complicated to set up, especially the first why it is right solution? Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X. Besides, it scales well and has a large number of supporting utilities.
Re: Centralized DB of system users
Julien Cigar jci...@ulb.ac.be writes: Off-topic, but do you know any good tool other than gq/phpldapadmin to manage/browse/... an LDAP server ? At the moment I've my own set of LDIF files that I use with ldap[add|delete|modify], but it's not very flexible .. A ncurses tool would be perfect. You may try www/web2ldap. It's not curses though. WBR -- Boris Samorodov (bsam) Research Engineer, http://www.ipt.ru Telephone Internet SP FreeBSD committer, http://www.FreeBSD.org The Power To Serve
Re: Centralized DB of system users
look at gosa it's a fairly well rounded ldap administration suite, probably more than you might need, but it covers a lot of the services https://oss.gonicus.de/labs/gosa/ or potentially even Zivios might fit your needs http://www.zivios.org/ On Fri, Dec 12, 2008 at 7:54 PM, Julien Cigar jci...@ulb.ac.be wrote: On Fri, 2008-12-12 at 13:26 +0100, Ivan Voras wrote: 2008/12/12 Wojciech Puchar woj...@wojtek.tensor.gdynia.pl: I agree - NIS is easiest to setup, but LDAP is the right solution in this case (though it's very complicated to set up, especially the first why it is right solution? Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X. Besides, it scales well and has a large number of supporting utilities. Off-topic, but do you know any good tool other than gq/phpldapadmin to manage/browse/... an LDAP server ? At the moment I've my own set of LDIF files that I use with ldap[add|delete|modify], but it's not very flexible .. A ncurses tool would be perfect. -- Julien Cigar Belgian Biodiversity Platform http://www.biodiversity.be Université Libre de Bruxelles (ULB) Campus de la Plaine CP 257 Bâtiment NO, Bureau 4 N4 115C (Niveau 4) Boulevard du Triomphe, entrée ULB 2 B-1050 Bruxelles Mail: jci...@ulb.ac.be @biobel: http://biobel.biodiversity.be/person/show/471 Tel : 02 650 57 52
Re: Centralized DB of system users
this case (though it's very complicated to set up, especially the first why it is right solution? Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X. so not right but interoperable. if i do have only unix systems in LAN, NIS is much better easier and faster. for windows-only LAN with unix server, simply using samba is OK.
Re: Centralized DB of system users
On Fri, Dec 12, 2008 at 3:12 PM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:
>>>> this case (though it's very complicated to set up, especially the first
>>> why it is right solution?
>> Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X.
> so not right but interoperable. if i do have only unix systems in LAN, NIS is much better easier and faster.

If you only have UNIX systems in LAN. But in my case i have Linux + FreeBSD (server). From the handbook NIS only works between FBSDs. Am i missing something?

thank you,
v

> for windows-only LAN with unix server, simply using samba is OK.
Re: Centralized DB of system users
On Fri, 2008-12-12 at 14:12 +0100, Wojciech Puchar wrote:
>>> this case (though it's very complicated to set up, especially the first
>> why it is right solution?
> Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X.
>
> so not right but interoperable. if i do have only unix systems in LAN, NIS is much better easier and faster.
>
> for windows-only LAN with unix server, simply using samba is OK.

Here all the machines use OpenLDAP with pam_ldap and nss_ldap with /home mounted on the file server, so that a user can login on every machine and find back his /home. We've also a domain controller which uses Samba and the same LDAP database. So you create the account once and the users can automatically login on the unix and windows machines. It works pretty well.

I don't know NIS so much, but I think that LDAP has two advantages : the protocol, and its use of (extensible) schemes.

--
Julien Cigar
Belgian Biodiversity Platform
http://www.biodiversity.be
Université Libre de Bruxelles (ULB)
Campus de la Plaine CP 257
Bâtiment NO, Bureau 4 N4 115C (Niveau 4)
Boulevard du Triomphe, entrée ULB 2
B-1050 Bruxelles
Mail: jci...@ulb.ac.be
@biobel: http://biobel.biodiversity.be/person/show/471
Tel : 02 650 57 52
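The "create the account once" setup in the message above depends on every user being a posixAccount entry that nss_ldap and pam_ldap can read. As an added example (not part of the thread), this Python sketch builds such entries as LDIF for ldapadd; the suffix ou=people,dc=example,dc=org, the uid/gid floor of 1000 and the sample names are assumptions.

```python
import base64
import re

# Assumptions (the thread names none of these):
BASE_DN = "ou=people,dc=example,dc=org"   # hypothetical directory suffix
MIN_ID = 1000                             # lowest uid/gid given to students
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def ldif_line(attr, value):
    """One LDIF line; base64 ('::') where RFC 2849 forbids the plain form."""
    raw = value.encode("utf-8")
    plain_ok = (raw.isascii() and not any(b in raw for b in b"\x00\r\n")
                and not raw.startswith((b" ", b":", b"<")) and not raw.endswith(b" "))
    if plain_ok:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def student_entry(login, full_name, uid_number, gid_number):
    """LDIF entry for one account, rejecting values unsafe on the clients."""
    # A strict login pattern keeps ',', '+', '=' and '/' out of the DN and home path.
    if not LOGIN_RE.fullmatch(login):
        raise ValueError(f"bad login name: {login!r}")
    # Clients use uidNumber as the Unix uid as-is: 0 would be root on every machine.
    if uid_number < MIN_ID or gid_number < MIN_ID:
        raise ValueError(f"uid/gid below {MIN_ID} for {login}")
    # userPassword is left out on purpose: set it afterwards with ldappasswd
    # so the LDIF file never holds credentials.
    return "\n".join([
        f"dn: uid={login},{BASE_DN}",
        "objectClass: account",          # structural class, cosine schema
        "objectClass: posixAccount",     # RFC 2307 attributes read by nss_ldap
        ldif_line("uid", login),
        ldif_line("cn", full_name),
        f"uidNumber: {uid_number}",
        f"gidNumber: {gid_number}",
        ldif_line("homeDirectory", f"/home/{login}"),
        "loginShell: /bin/sh",
    ])

def build_ldif(students, first_uid=MIN_ID, gid=MIN_ID):
    """students: list of (login, full name); uids are assigned in order."""
    logins = [login for login, _ in students]
    if len(set(logins)) != len(logins):
        raise ValueError("duplicate login in batch")
    return "\n\n".join(student_entry(login, name, first_uid + i, gid)
                       for i, (login, name) in enumerate(students)) + "\n"

if __name__ == "__main__":  # constructed sample input
    print(build_ldif([("astudent", "Ada Student"), ("jdupont", "José Dupont")]))
```

The output can be fed to ldapadd like any hand-written LDIF file; the Samba attributes mentioned in the message are not covered here.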
Re: Centralized DB of system users
Valentin Bud wrote:
> On Fri, Dec 12, 2008 at 3:12 PM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:
>>>>> this case (though it's very complicated to set up, especially the first
>>>> why it is right solution?
>>> Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X.
>> so not right but interoperable. if i do have only unix systems in LAN, NIS is much better easier and faster.
>
> If you only have UNIX systems in LAN. But in my case i have Linux + FreeBSD (server). From the handbook NIS only works between FBSDs. Am i missing something?

You are correct.
Re: Centralized DB of system users
Julien Cigar wrote:
> On Fri, 2008-12-12 at 13:26 +0100, Ivan Voras wrote:
>> 2008/12/12 Wojciech Puchar woj...@wojtek.tensor.gdynia.pl:
>>>> I agree - NIS is easiest to setup, but LDAP is the right solution in
>>>> this case (though it's very complicated to set up, especially the first
>>> why it is right solution?
>> Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X.
>> Besides, it scales well and has a large number of supporting utilities.
>
> Off-topic, but do you know any good tool other than gq/phpldapadmin to manage/browse/... an LDAP server ? At the moment I've my own set of LDIF files that I use with ldap[add|delete|modify], but it's not very flexible .. A ncurses tool would be perfect.

I'm using http://www.jxplorer.org/ with great success and productivity.
Re: Centralized DB of system users
On Fri, Dec 12, 2008 at 9:47 PM, Ivan Voras ivo...@freebsd.org wrote:
> Valentin Bud wrote:
>> On Fri, Dec 12, 2008 at 3:12 PM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:
>>>>>> this case (though it's very complicated to set up, especially the first
>>>>> why it is right solution?
>>>> Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X.
>>> so not right but interoperable. if i do have only unix systems in LAN, NIS is much better easier and faster.
>>
>> If you only have UNIX systems in LAN. But in my case i have Linux + FreeBSD (server). From the handbook NIS only works between FBSDs. Am i missing something?
>
> You are correct.

Hmm, I have NIS server on an old Solaris 8 and all clients are Linux (I can't use FBSD at work due so far). So it sounds strange if NIS works only between FBSDs, something not standard in the implementation?

Anyway, I also vote for the LDAP. Later on when you need to introduce new services, LDAP will integrate better. NIS is very specific for *nix world.

--
With best regards,
Chinh Nguyen
*** FreeBSD - The Power to Serve
Re: Centralized DB of system users
Wojciech Puchar(woj...@wojtek.tensor.gdynia.pl)@2008.12.12 14:12:45 +0100:
>>>> this case (though it's very complicated to set up, especially the first
>>> why it is right solution?
>> Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X.
> so not right but interoperable. if i do have only unix systems in LAN, NIS is much better easier and faster.

No, it really is right if you want to authenticate email, radius, etc off of LDAP. NIS doesn't do that.

> for windows-only LAN with unix server, simply using samba is OK.
Re: Centralized DB of system users
On Dec 12, 2008, at 10:19, Dan wrote:
> Wojciech Puchar(woj...@wojtek.tensor.gdynia.pl)@2008.12.12 14:12:45 +0100:
>>>>> this case (though it's very complicated to set up, especially the first
>>>> why it is right solution?
>>> Interoperability. Today, with Linux, tomorrow, Windows or Mac OS X.
>> so not right but interoperable. if i do have only unix systems in LAN, NIS is much better easier and faster.
>
> No, it really is right if you want to authenticate email, radius, etc off of LDAP. NIS doesn't do that.

Really! I guess I didn't know that before I used it for all those.

>> for windows-only LAN with unix server, simply using samba is OK.
Re: Centralized DB of system users
Valentin Bud valentin@gmail.com writes:
> If you only have UNIX systems in LAN. But in my case i have Linux + FreeBSD (server). From the handbook NIS only works between FBSDs. Am i missing something?

Apparently. Quoting the Handbook:

    NIS, which stands for Network Information Services, was developed by Sun Microsystems to centralize administration of UNIX (originally SunOS) systems. It has now essentially become an industry standard; all major UNIX like systems (Solaris, HP-UX, AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS.

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
Re: Centralized DB of system users
Valentin Bud valentin@gmail.com writes:
> handbook but as you guys said it's FBSD only

Well, aside from other Unix-like systems. Certainly Linux, MacOS, anything from Sun (which invented it), all the other BSDs, Ultrix, and probably anything else that ends in 'ix'. It might be a bit tricky to get running with VMS or Windows, but Samba should clean bridge that gap for you.

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
Centralized DB of system users
Hello list,

I don't know if the Subject says what i really want to achieve but i do hope that i will make myself understood.

I work for a school and i want to install in 2 labs on very low performance computers (1 Ghz CPU, 126 Mb RAM) some linux distro (zen walk). I *need* to install linux because there are some programs that need to run on those stations and guess what, they only work on linux.

There are different students that use those computers and they change frequently. So i thought to make a server, using FreeBSD (of course), that has a database of users so the linux machines don't have local users but they query the DB to get login credentials and such.

I don't really know what to look for. So any suggestion and hints to how can i achieve this are welcomed.

thank you and a great day,
v