Struggling to set up a Debian/etch desktop: LDAP users and LOCAL users
I work as IT manager for a small programming house.
Nearly 3 years ago, we switched to Linux for the server. I suffered and struggled a little to get it to work fine, and went through several distributions: RH8, then SUSEPro9, SUSEES8 and finally Debian.Sarge and now Debian.etch.
The server now is great: Postfix + amavisd-new + spamassassin (Razor2, pyzor, DCC) + MYSQL + SquirrelMail, Samba + ldap-account-manager, firewall + bandwidth control, Mysql, firebird, web server, openvpn server, and some internal apps developed in Qt4 (security control, workers sign up).
Now the desktop is another story: I try to work with another Debian.etch with KDE machine as a desktop, and the problem comes with network access. Initially I configured a network CIFS connection to the server, mounted. But openoffice2 documents were not saving properly (some locking problems); it seems that the Linux CIFS client (or maybe the specs) is far from perfect (how could it be otherwise, with Microsoft being involved).
NFS works better, but I have to enable libpam_ldap, libnss_ldap to get the directory from the server, and so be able to get access permissions properly to the server files.
But what happens: When I log in to the desktop as an LDAP user, I lose access to the "desktop": My LDAP account does not belong anymore to audio, printer, ... groups. NFS (apart from possible security problems) works nicely, but I can't print!
And when I log in as the local user, of course, I do not belong to the groups in the LDAP server directory and I can't browse the files in the NFS network share.
Too complicated, even being an obstinate Linux administrator...
So what can I tell, must I try to install some linux desktops for other possible users in my company? Not yet.
I'm just a hobbyist and have begun playing around with LDAP and I keep coming across terms like NIS and Kerberos, which seem to be the way to merge a Linux NFS system with a Windows LDAP system. Maybe something on Google for either NIS or Kerberos or LDAP will help you out.
Sorry I couldn't be more help. I'll probably be fiddling around this weekend at home and will let you know if I get far enough along to try to mimic your setup...