Hello,

How to make a Server of LOGIN / PASSWORDS for flexible linux machines?

Please could you post the samba config files for the server and the client.

The clients, if no network, shall use the /etc/shadow please

Could you please post the config. files?

Regards

THE config files??? what config files?? you're requesting information on how to configure a service you've not even defined, that makes no sense. Why are you mentioning samba? Sounds like you want to understand nsswitch.conf and a bit of pam first, and then look over when centralized authentication methods suit your requirements, nis, ldap, winbind etc.

well, whatever suits well the solution.

LDAP : is rather a big thing to configuure. It shall remain simple, that why it is possible with samba.
samba is only a smb.conf to configure for teh server of login and passwords, luckily. So someone has that type of configuration, sure. Well not a n00b but an expert.

NIS is the networking

Winbind looks an interesting solution but hte problem is that on the client. The winbind is rather hacky or bit hangy protocoll. If for instance the client pc is a laptop and hte person on trip, then there is no server anymore and it would be great that the users has automatically his /etc/shadow back ... but well not possible the PC client hangs.

Looks windows server: It works under a sort of LDAP: no problem.
between windows xp (cllients) & windows server: it works and it is very comfortable to install and configure.
linux, possible?

So, I did tried SAMBA server + winbind on client, and it resulted that on clients, often the winbind was hanging for older pc having the old stable linux. Well ,... an impossible thing again because there is no a single flexible + simple solutions.
I did tried LDAP, too, and there is a bug in there, that let the client ldap hanging few seconds at PC starts, and it damn tricky thing LDAP to be avoided due to complexity, and no help on the internet about LDAP.


It is easy:
- A server linux having hte logins and passwords
- several linux machines (old stable debian to testing) using these logins and passwords stored on the server, and if the laptop is on trip is US, Russia, Argentina, whereever the user can still use his laptop with the local login/passwords

Whatever solution: it has to be simple and working well under Linux too.
But config files. It is impossible to find since all of you guys are big expert informaticians, and are using for most of you: ldap kerberos and winbind... Normal humans can still want to use Linux simply.

Best regards

ldap is very simple. NIS is also very simple. Samba is much harder, and vaguer, across all it's possible incarnations. What does "NIS is the networking" mean? NIS has nothing to do with networking at all, anymore than any client server protocol.

A number of people think that they want to find config files... why?? someone elses config files are very seldom relevant. you can't just blidnly drop in someone elses file, that way lies *massively* poor system administration.

Indeeed the problem of samba, it is bit loosy because
in the config
http://www.samba.org/samba/docs/man/...ide/small.html

if you loose the connection betwenn /etc/password and the samba password/system, by some editing with vi into /etc/password or any samba delete account on the /etc/password, it is difficult to get all account between those 2 services matching.

I was rather thinking ot make it simple as:

a script in rc.2/ somewhere that in S10refreshshadowclient:
it would mount the nfs share and update the /etc/shadow and /etc/password of the client. If there is no network or no server, it woudl copy the /etc/shadowlocal and /etc/passwordlocal, what about this solution. It is simple to program and does not use lot difficult services ?

A poor admin *)

I think one thing you need to ask yourself is what will the server be (*nix or Windows)? What will the clients be (again *nix or Windows)?

It is not a one size fits all solution. Also think about what is easier to maintain, because I would think that spending an extra few hours to set something up that is easy to maintain once running would be your goal. If you do something that is quick and dirty to setup but a nightmare to maintain you will probably be looking at other solutions in the near future.

Personally I would probably go with LDAP since it is the most standard and has the most compatibility across all OS variants.

- server is maint to be *nix, debian i.e. because it is buggy-less than other distros and stable distro.
- clients will be 100pct LINUX debian machines: from old stable , and testing debian. old stable has a buggy winbind and portmap isnt as powerful as it could be.

pfff indeed.

Configuration of more than 1hours arent good at all. It has to be as simple as in windows: next next next... ok . installed.
- same for clients

LDAP is not simple. I do believe that only 5pct have a ldap at home by necessity or wish.

So you are not looking for a suggestion on how to accomplish this, just someone to do all the work for you? My rate is $250/hr I would be glad to setup any authentication mechanism you like.

By your last comment am I to take it that you want to do this for a home computer? If so, and you don't want to take the time to learn about the options and setup yourself, why bother? The default of /etc/passwd or /etc/shadow should be sufficient for single user setups.

Men, I spent many days or several months to make it. It was bit working but one has to say... it is very difficult to install or LDAP or SAMBA+/etc/password changer... then if you wanna install those things on all clients, it is really lot lot lot of work. 250bucks is bit much...
I do believe that LINUX can be simpler for everyone

nowadays lot of people have several pc at home, one fileserver and several laptops. So why LINUX keeps with admin that do believe that they are genius just because they made successfully the installation of some mega servers: ldap kerberos nis ssh_jailed apache ... I mean that should be simple and made for everyone. Informatic is not a science, it is a tool for science and business. So why keeping old mentality, and not making it simpler or easy to use? - As some distros try with lot of courage to implement apps to make it more easy. They give new opportunities for everyone for customizing and installing daemon and packages.
Look Suse, for instance, it has been still a big big success.

I think the problem is most of the server based sign on solutions are much more enterprise centric. I mean if you want simple and easy for a home use scenario just setup rsync to keep /etc/passwd and /etc/shadow the same on all machines.

Nobody said it takes a genius to setup any of these systems, just someone who has taken the time to read the docs on how they work. If you don't make a living doing this sort of thing I can understand why you might not really need nor care to know. The whole idea behind an enterprise authentication system is that while it might take a few hours to setup, once up and running maintenance is easy.

I don't think Linux is any harder than other systems to setup (if anything easier since everything is open and human readable config files), just different. The only thing I think is simpler in Windows (configuration wise) is clicking next a bunch of times to make something that doesn't work, or works poorly. But if you do think that Windows is easier, and want that point and click admin experience, why not use Windows? Linux is not Windows, for the most part both can accomplish the same tasks, but how they do it is different. If you don't care for one use the other, simple.

Services on Linux are not specifically hard to set up. They just have config files instead of ticky boxy cutesy windows, something which I am very glad of. To be talking the way you are with 2,400 posts on this site baffles me immensely. Maybe you're really just not cut out for Linux if that's still what you think.

Once again, openldap IS reasonably simple. You just know nothing at all about it and therefore assume it's hard and are STILL scared by the lack of a noddy configuration tool for no logical reason.

Yes Suse is successful, but it's nothing at all to do with having the clicky flashies. Linux is successful in business because it works well and people are very happy with the power / complexity tradeoffs. If you do think Linux is hard, how is your HPUX knowledge? How many Solaris systems are you running?

I'd certainly agree with the thoughts of Erik, who the hell bothers setting up an auth server on a home network? Especially when they seem to resent the idea of doing it in the first place??