LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 10-23-2006, 11:20 AM   #1
LuckyMe
LQ Newbie
 
Registered: Jul 2006
Posts: 13

Rep: Reputation: 0
Linux server authentication, but how?


Hi there,

I have finally managed to successfully set up Samba, on a FC5 box, as a PDC together with login script and drive mappings (file sharing). Also DNS and DHCP is working fine.

As I am trying to get away from Windows (all these terrible news about Win Vista...) I would like to learn how to provide the same solution for Linux.

I am going to change my clients to Linux, one by one and would like them to use a centralized authentication methode maybe via Samba or any other Linux only solution running on the same box as Samba.
Unfortunately I am not sure what I need to search for? Here are my questions a bit more specific:

1. Which system to use for centralized Linux authentication?
2. How to mount shares provided on a Linux server?
3. How to specifically use the home share on the Linux server?

I learned that NIS and NFS is not the right way as it is a security issue and not easy to maintain in regards to UID, etc. Or?!

Information about what I need to search for is highlt appriciated.
Any links to tutorials are welcome.

Thanks
... LuckyMe
 
Old 10-23-2006, 01:41 PM   #2
andrewdodsworth
Member
 
Registered: Oct 2003
Location: United Kingdom
Distribution: SuSE 10.0 - 11.4
Posts: 347

Rep: Reputation: 30
Have a look at the examples and howtos on samba.org to see if that is good enough for what you want. Using LDAP for centralised authentication is a good idea and the Samba example for the 500 user office I think (or maybe the next chapter) goes into detail on how to set that up. It is certainly pretty complicated but the end result should be worth it.

If you just want to explore what you can do with Samba from a linux client you should be able to browse any smb share (even different workgroups) by just using smb:/// in your favourite browser (Konqueror in KDE) or smb://workgroup for a specific workgroup. If you want native linux browsing (again not sure whether this is KDE or distro specific) I can use fish://user@linuxmachine. This gives an explorer view of the remote linux machine using ssh. You can tailor the behaviour of this by what you allow in the server's sshd.conf file. You can use smbclient and fstab on the client machine to make mappings more permanent.

This will give you essentially the same functionality as from a Windows XP Home machine (which can't join a domain). Unfortunately you still have to set up users on the client with the same nme and password that you use in Samba but once that's done they will be able to connect to Samba shares seamlessly without passwords including the usual home directories being automatically mapped to the correct user.

Because I only have 1 linux client I haven't bothered (yet) with centralised authentication but it's on my list.

Hope this helps and good luck.
 
Old 10-23-2006, 04:37 PM   #3
LuckyMe
LQ Newbie
 
Registered: Jul 2006
Posts: 13

Original Poster
Rep: Reputation: 0
Hi,

and thanks a lot for your response. As I am principly lazy and thinking of extending my home network with OpenVPN to all my family members I guess I will be better of with an LDAP solution.

I will check out the tutorials on Samba.org for that, thanks a lot.

Are there any hints or tips that anybody here has experienced with LDAP?

How do I authenticate Linux clients towards LDAP? Is it build in?

Cheers
... LuckyMe
 
Old 10-24-2006, 04:59 AM   #4
andrewdodsworth
Member
 
Registered: Oct 2003
Location: United Kingdom
Distribution: SuSE 10.0 - 11.4
Posts: 347

Rep: Reputation: 30
I use OpenVPN not only for remote clients but also for protecting my home wireless network. Few things to watch out for in trying to get Windows browsing working over the tunnel if you use routing (tun) option rather than bridging (tap). Excellent HOWTOs on the OpenVPN site.

As regards LDAP I have set up LDAP for trivial stuff but never progressed beyond that for authentication as there seem to be about 3 or 4 steps in getting the authentication hooks to work depending on security chosen. The Samba docs frightened me to death on that!

Good luck!
 
Old 10-24-2006, 01:23 PM   #5
basileus
Member
 
Registered: Nov 2004
Location: Turku, Finland
Distribution: Debian, Ubuntu, Gentoo
Posts: 388

Rep: Reputation: 30
LDAP is a very interesting, but you'll have to study quite a bit to understand how it actually functions. Luckily there are some good LDAP tutorials on the net. If you decide to go with LDAP then check out "phpldapadmin". It's a great GUI for managing LDAP information.

You can authenticate pretty much anything from LDAP but it's not actually trivial to set up, even though the server (openldap) is very easy to get functioning.
 
Old 10-24-2006, 02:55 PM   #6
LuckyMe
LQ Newbie
 
Registered: Jul 2006
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks a lot folks,

I have installed Fedora Directory Service last night and accessed the administration part of it via the web front end. Have not had time yet to start using it, creating OUs, groups, users, etc.

When I reacht the stage that I have created all that how do I get my Fedora clients to authenticate towards this LDAP server and how to I get a "login script" for drive mapping, etc?

Thanks
... LuckyMe
 
Old 10-25-2006, 08:20 AM   #7
LuckyMe
LQ Newbie
 
Registered: Jul 2006
Posts: 13

Original Poster
Rep: Reputation: 0
Okay, I found out that a centralized "login script" is kind of an issue on Linux. It is far from easy to implement.
I found the following Tutorial and wonder what the pros and cons of it are:
http://www.novell.com/coolsolutions/appnote/14832.html

Maybe you could have a look at it and let me know what the obsticals with it are? For example can this be achieved (with adjustments of course) on Fedora Core 5 / 6 and on Gnome, rather than KDE?

Cheers
... LuckyMe
 
Old 10-25-2006, 10:29 AM   #8
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
give this a try for LDAP and PDC if all frightens you

http://ebox-platform.com/features
 
Old 10-25-2006, 10:39 AM   #9
LuckyMe
LQ Newbie
 
Registered: Jul 2006
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by ~=gr3p=~
give this a try for LDAP and PDC if all frightens you

http://ebox-platform.com/features
Thanks a lot, but I rather learn it the hard way and get to known the core of Linux. Nothing can scare me...



So any input to my previous post regarding "login script" is more than welcome.

Cheers
... LuckyMe
 
Old 10-25-2006, 10:47 AM   #10
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
yes then LDAP it is!!!

http://directory.fedora.redhat.com/

also man authconfig command on your clinets.

no offence meant and me too a linux fan..but i adore microsoft Active Directory and the group policies for centralized control..in my organization i have Windows AD and win clients for general staff but other servers (mail,proxy,gateway,production, database etc etc.) it's always linux...and i hate to give "Linux" The elite hackers OS to stupid users..no flames

Last edited by ~=gr3p=~; 10-25-2006 at 10:53 AM.
 
Old 10-26-2006, 07:22 AM   #11
LuckyMe
LQ Newbie
 
Registered: Jul 2006
Posts: 13

Original Poster
Rep: Reputation: 0
Hi,

again thanks a lot for the feedback. It is highly appreciated.

I will check out the authconfig as soon as I can and maybe I will come back with more questions.


Cheers
... LuckyMe
 
  


Reply

Tags
authentication, fedora, how, network, server


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux authentication server, windows client godice Linux - Software 1 09-17-2005 11:52 AM
Suse Linux authentication server? carnold Linux - Software 2 04-16-2005 08:12 PM
User Authentication - Linux Workstation RH9 with Linux Server RH73 itsops Linux - Networking 0 09-10-2003 12:38 AM
Password Authentication Server Tunarle Linux - Networking 1 07-27-2003 04:55 PM
How to make linux take the logon authentication from my winnt server funmaya Linux - Networking 5 01-11-2002 04:01 AM


All times are GMT -5. The time now is 09:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration