I'm an NT4 MCSE and thoroughly understand the Windows domain model (pre-AD). Samba connectivity to Win machines is second nature without much reading. I've got a 20-box "NT-family" network that now has 4 linux machines on it, handling our DNS and MySQL/PHP needs, but we are about to convert to all-linux, or at least 90% linux. The linux bug has bitten me hard and I'm ready to go whole-hog, tell MS to f-off forever.
So...
Suppose I want to run an all-linux network, while still maintaining the benefits of an NT-like domain structure? Centralized domain-level user/pw management, centralized group membership, while still allowing for each machine to have a handful of "local" accounts & groups to handle tasks specific to that machine?
Beyond just share connections - suppose I would like the user "bob" to be able to log in to KDE/Gnome from any number of linux workstations on the network, without having to set up Bob on each machine and manually assure password synch... and of course, Bob should have the same level of permissions on every machine by virtue of his network-wide group memberships. Bob's desktop, mail, etc (profile) prefs should all be centrally storable, too.
There has to be a way to do this... after all, nothing MS ever came up with was an original idea. I figure they stole domain modelling from the 'nix community too, so... how do you do this type of account/group/profile centralization on linux?
I've noticed in various places in the gnome/kde gui that network login can be enabled, and that looks pretty straightforward - the question is how to set up the "domain" server? Samba? Surely not. LDAP? Maybe. If so, where would I look for how to do that? Or maybe something else should be used? And what about network browsing, similar to WINS? LDAP solve that, too? Or maybe LDAP + DNS? Is there an equivalent of a PDC & BDC, to handle server failure, WAN-based domains and/or heavy account logon load?
Every discussion and howto I've looked at on LDAP tells me how to do damn near everything EXCEPT this specific task. Most frustrating. Every search for a linux equivalent to NT domains turns up endless discussions of Samba, and never to handle an all-linux network.
ANY help - even just a URL - would be greatly appreciated.
Oh yea...that's simple, especially for fellow MCSEs.
You're going to be using SAMBA (yes samba) and open-LDAP. I recently stood up a samba PDC for a company which had 30 or 40 clients. It stood up very well in comparison to NT but was deficient while standing side by side with Active Directory (W2K/W2K3).
motub: no, that's not what I was looking for, though DNS is of course an important component and will be part of the setup. We already have a nice Bind9 server running and serving us well.
DrakIE: Thanks, dude. I've set up both a samba PDC & BDC before so I know how that goes. I will definitely read up on the openLDAP-smb link you've provided.
SlackMaster: Yeah, I was kinda looking at NIS too. Maybe it has a role to play. I'll be like you, reading up on it.
Here's an important question, mostly for DrakIE:
Under the arrangement you've described, I'm assuming you have samba and openldap on the same machine, yes? If so, then the linux clients are told to look to the ldap connector for logon credential checking, which in this case just happens to also be the samba server?
Of course it can. NT domains, which the thread started out being about, were replaced by ADS. This in itself is a problem unless you have all of one or the other.
With Samba the solution is finally there, as it supports both NT domain PDC and ADS.
Consider Linux is also a superior file and web server.
Last edited by DavidPhillips; 04-13-2004 at 10:25 PM.
Anybody know when SAMBA is going to be able to act as an Active Directory PDC?
One of the few things holding me back from moving from a Windows 2000 PDC to a SAMBA one, is the fact that it would be a step backwards to the NT4 days.
Thanks for all your comments. I've used SAMBA as a file server before but never set one up to authenticate against an ADS. How does that work? Do I have 1 system acting as a SAMBA (ADS) for Linux clients to auth against? Or, do I have all clients use samba as a client to auth against a MS ADS? Please forgive the naive questions.
For clarification: I don't want to have a bunch of linux accounts on a bunch of linux boxes. I want linux users to log in to linux boxes which are authenticating against an ADS.
Samba 3.0 does not act as an Active Directory server. It can participate in the AD environment using AD as the authentication point.
Until more improvement comes along, look into multiple LDAP servers (replicas) acting as AD would using Samba 3. Examples are in John Terpstra's Samba 3 By Example book.