LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 01-07-2013, 05:06 PM   #1
tzone
LQ Newbie
 
Registered: Jan 2013
Posts: 5

Rep: Reputation: Disabled
Question Login once to multiple linux machines


Is there anyone can help to give me idea how to solve this challenge?

I have multiple linux machines (RHEL6), all of them joined to Windows Domain (Active directory authenticated).

I want to enable any user to login to any machine (SSH), and then this user account needs to be automatically propagated to all other machines.

Thanks in advance...
 
Old 01-07-2013, 06:35 PM   #2
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,354

Rep: Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105
Probably, what you need to do is to arrange for all of the "multiple linux machines" to employ Active Directory (nee LDAP ...) as their authentication agent. If you need for the login to occur by means of SSH (frantic hand-waving here ...), then you nevertheless need for the login-attempt to be authenticated by LDAP ... such that every other machine that the user might subsequently wish to access, would query the same LDAP-server and be given the necessary "nod."

Basically ... you need for "that initial authentication-attempt," however it may have been attempted, to be made against an LDAP authority in such a way that every subsequent access would receive a silent "nod."
 
Old 01-07-2013, 09:25 PM   #3
tzone
LQ Newbie
 
Registered: Jan 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Question

Thanks for your reply.

All the machines are joined to domain and they are all using windows AD authentication.
They work fine and all user are able to login to any machine using their domain credentials.

For example we have 15 machines in a cluster, when a user login for the first time to any computer, then the new user account and his profile is created automatically also on all other 14 machines. Is it possible?
 
Old 01-08-2013, 08:30 PM   #4
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,354

Rep: Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105Reputation: 1105
Windows' "Active Directory" technology is LDAP. So, yes, "it is possible."

The Linux subsystem that you need to look into is called PAM = Pluggable Authentication Modules. In any modern Linux system, all of the key "authentication" tasks are vectored through this one highly-configurable subsystem.

As the name implies, the system works by means of a series of "pluggable modules" that will be invoked by the kernel in a specified sequence. The "default" configuration is one that mimics what every stand-alone Unix-compatible system does "by default." But Linux isn't actually limited to that, thanks to PAM. One of the modules that's available is one that consults LDAP. Therefore, Linux can be configured to query an authoritative LDAP (nee AD ...) server and thus "play nicely with others."

http://technet.microsoft.com/en-us/m....12.linux.aspx
http://linux.boeldt.net/Linux_active_directory.asp

... for example.

Certainly, if what you need is "single sign-on," this is very achievable, and this is the way to do it. ("Kerberos" is another way to do it, and of course there are PAM modules for that, too.)

Last edited by sundialsvcs; 01-08-2013 at 08:38 PM.
 
Old 01-16-2013, 04:57 PM   #5
tzone
LQ Newbie
 
Registered: Jan 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Thanks sundialsvcs,

I think i have implemented the PAM.
So currently all the users are able to login to any computers using their windows AD accounts and they will get an identical UID-GID across all the computers.

The one that i still have not yet understood is how can, for example:

- I have 10 computers (in 1 cluster system)
- lets say I am a new user (say user123) and never logged onto any computer (so never had any user profile on any computers).
- I, (user123), want to login on computer1 (first time) and then a "system" will automatically log me in (or create my user123 profile) on all computer1 till computer10.

The problem i have right now is, this cluster has 10 computers at the moment, and it will grow.
We have a cluster application that requires a user must exist on all the cluster members before it can run the cluster commands.
Currently the temp solution is to ask users to login to each cluster member manually (10 logins to 10 computers), if this cluster member grows (for example 100 computers), surely it's not a good idea to ask a user to login to 100 computers just to trigger the profile creation...

Please give some enlightment....

Thanks in advance...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Executing multiple commands on multiple Linux machines earlfox Linux - General 13 07-13-2012 01:47 PM
multiple linux machines bong.mau Linux - Software 3 06-09-2007 08:54 AM
Multiple machines, one login server. Is it possible? phenderson Linux - Networking 2 05-21-2004 07:12 AM
Multiple Linux Machines using sendmail... needamiracle Linux - General 13 08-28-2002 02:38 PM
Linux and multiple windows machines artman62 Linux - Networking 3 11-12-2001 09:50 PM


All times are GMT -5. The time now is 07:00 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration