LinuxQuestions.org
Old 07-11-2007, 12:03 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,118

Rep: Reputation: 58
SAMBA, LDAP and LAM


I just recently integrated a Fedora 6 box using LDAP, SAMBA and LAM (LDAP Administration Manager, I think) into my network to take over the Microsoft PDC that was giving me major headaches and made it my PDC. I use LAM to create accounts that have the appropriate privileges. The trouble that I am having is that when I log in from a Windows workstation as a normal user, I cannot get into certain directories. I am having trouble with permissions with certain directories. I looked at samba.conf and am having a lot of trouble setting up permission. Using this setup how would I control permission to directories like you would using MS Active Directory?
 
Old 07-14-2007, 02:16 PM   #2
hob
Senior Member
 
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
Define your users and groups in the LDAP directory, and if you have configured it correctly the Linux system can use them just like local users and groups. By default, Linux only attaches one group to a file or directory though - you need to use the ACL tools to build more complex permission sets.
 
Old 07-14-2007, 11:14 PM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,118

Original Poster
Rep: Reputation: 58
Does LDAP synchronize its accounts with the local accounts in /etc/passwd and /etc/groups of the local machine that is holding all of my Linux accounts (I hope you understand that)? The reason that I ask this is because if you create a user in LAM and LDAP then it should also create the account in /etc/passwd and /etc/group, correct?
 
Old 07-16-2007, 02:05 PM   #4
hob
Senior Member
 
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
Quote:
Originally Posted by metallica1973
Does LDAP synchronize its accounts with the local accounts in /etc/passwd and /etc/groups of the local machine that is holding all of my Linux accounts (I hope you understand that)? The reason that I ask this is because if you create a user in LAM and LDAP then it should also create the account in /etc/passwd and /etc/group, correct?
No. The relevant Linux components (nsswitch, PAM) will work with multiple information sources, but use local files by default. The idea is that you create the minimum on each system, and define the rest in your directory service. You configure your systems to check their local files first for each lookup, and then query the network directory service if there is no match.
 
Old 07-16-2007, 02:33 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,118

Original Poster
Rep: Reputation: 58
So the accounts in LDAP are completely separate from the accounts that are stored on the local machine under /etc/passwd and /etc/groups, right? If that is the case then what controls the permission of the directories that are being shared on the machine? So really then LDAP is only used for account authentication? I am confused!
 
Old 07-17-2007, 03:13 PM   #6
hob
Senior Member
 
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
Well, the basic principles are really the same as Windows - once you attach a system to a domain, administrators can specify users and groups from either network sources or the local account files (/etc/passwd and friends) when they set permissions on files and directories. If you configure the system correctly, chown etc. don't care whether the names that you specify are from a standard LDAP directory, an Active Directory, or the local account files. An LDAP directory is just a kind of database that can hold user account information (and many other things) for client systems to search.

Note that the system hosting an LDAP service doesn't automatically use that directory service for account lookups - you have to configure it like any other client system. Fedora ships with a tool to attach the system to authentication sources like LDAP, Kerberos etc.

There is a shortage of good documentation for OpenLDAP, but Red Hat provide several free books from their Website for "Red Hat Directory Server", which is a brand name for their own LDAP product (Fedora Directory Server):

https://www.redhat.com/docs/manuals/dir-server/

Last edited by hob; 07-17-2007 at 03:17 PM.
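
The lookup order described in posts #4 and #6 (local files first, then the directory, configured per host) can be checked on any system. The following is an added example, not part of the original thread: it reads an nsswitch.conf-style file, reports the source order for each database, and tells whether an account name is defined in the local passwd file or only resolves through another NSS source. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the NSS lookup order and see
# whether an account comes from local files or from a network source.
# Function names and sample data below are constructed for illustration.

# Print the ordered sources for one NSS database, e.g. "files ldap".
nss_sources() (   # usage: nss_sources <database> [nsswitch-file]
    db=$1; conf=${2:-/etc/nsswitch.conf}
    # Drop comments and [STATUS=action] items, then print the matching line.
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' -e 's/:/: /' "$conf" |
        awk -v db="$db:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
)

# Succeed only if local files are consulted before any other source.
files_first() (   # usage: files_first <database> [nsswitch-file]
    set -- $(nss_sources "$@")
    [ "${1:-}" = files ]
)

# Classify a name: "local" (in the passwd file), "directory" (resolved by
# some other NSS source via getent), or "unknown" (not resolvable at all).
account_origin() (   # usage: account_origin <name> [local-passwd-file]
    name=$1; passwd_file=${2:-/etc/passwd}
    if awk -F: -v n="$name" '$1 == n { hit = 1 } END { exit !hit }' "$passwd_file"; then
        echo local
    elif getent passwd "$name" >/dev/null 2>&1; then
        echo directory
    else
        echo unknown
    fi
)

# Constructed sample inputs so the example runs offline.
SAMPLE_CONF=$(mktemp); SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_CONF" "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# constructed nsswitch.conf: local files first, then the LDAP directory
passwd:  files ldap
group:   files [NOTFOUND=continue] ldap
shadow:  ldap files   # directory consulted first, flagged by files_first
EOF
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$SAMPLE_PASSWD"

for db in passwd group shadow; do
    if files_first "$db" "$SAMPLE_CONF"; then verdict=ok; else verdict='local files not first'; fi
    printf '%-7s %-12s %s\n' "$db" "$(nss_sources "$db" "$SAMPLE_CONF")" "$verdict"
done
printf 'root is %s\n' "$(account_origin root "$SAMPLE_PASSWD")"
```

Called without the optional file argument, the functions read the host's own /etc/nsswitch.conf and /etc/passwd.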
 
Old 07-17-2007, 04:19 PM   #7
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,118

Original Poster
Rep: Reputation: 58
So in order for the LDAP to control the whole system then I have to make the whole computer use LDAP as the authentication mechanism? I have tried that and modified my system to act as a client and played with the nsswitch.conf file, etc. I will create another post for that particular problem.
 
  



Tags
authentication, ldap


All times are GMT -5.