LinuxQuestions.org
Old 07-01-2007, 12:37 AM   #1
armandino
Member
 
Registered: Oct 2005
Posts: 72

Rep: Reputation: 15

I am not a network configuration expert, so this question of mine will probably look stupid to more than one forumer...

I think I've understood how to create a Linux LAN with N boxes and file/folder sharing: in all the boxes I define the same N users (useradd...) and appropriate groups, enable the nfs daemon, export the desired folders and mount them (not in the same computer...) in fstab. As an alternative I could use the Samba service (by the way, which of the two is better?). Am I wrong?

Anyway, I would like to know how I can obtain an equivalent setup without having to define all LAN users on all machines. In other words, I would like to obtain a situation similar to the one I've seen in a Windows Domain Environment, where a central server is managing all LAN users' login and passwords. Particularly, I'd like to understand the way in which permissions can be managed when the LAN users are NOT defined with useradd in every single computer.

Thanks a lot to anyone who will have the patience to explain.

Last edited by armandino; 07-01-2007 at 12:49 AM.
 
Old 07-01-2007, 02:03 AM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,058

Rep: Reputation: 295
There are various ways of handling authentication on multiple machines on a LAN. Some people write a script that copies /etc/{passwd,shadow,group} to all machines on the LAN (fault tolerant but not scalable). Then there's NIS which is simple to set up and pretty reliable, but has some security issues. Most people today use LDAP (or something like Red Hat Directory Server which is LDAP based). This will get you to a basic NT4 level of functionality (users and groups shared across machines). There are also options (winbind I think) for authenticating against a Windows domain controller.

To answer your other question, I find using NFS more reliable when sharing files between multiple *nix machines.
 
Old 07-01-2007, 02:26 AM   #3
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
You can have a samba setup that uses an openldap server to authenticate the users.

The Samba 3 by Example book has a sample configuration. You may have it in /usr/src/doc/samba-version/ or /usr/src/doc/packages/samba/. You may need to install a samba-doc package. On my system, the samba-doc package installs both the pdf and html versions. On Fedora Core, it installs a PostScript version.

Your distro may also configure the hosts for you. There are other ways of doing this. Samba can use various types of password backends, and you can use samba for authentication. There usually is a script that is run that will create your system's /etc/passwd file based on the directory contents. You still need a Unix user corresponding to every samba user, including those on Windows computers.
If your distro takes care of the PAM configuration for you, that will make life a lot easier.

Another thing to look at on an all linux network is NFS and NIS (formerly YP for yellow pages). Also, if your network isn't too large you could use cfengine or something similar to centrally administer the Linux machines. You could then also replicate other files and applications as well.

There is a book "Automating UNIX and Linux Administration" by Kirk Bauer. He has scripts that he uses to automate the administration of Linux hosts.

There is a must read book, The Linux Filesystem Hierarchy Standard, on the www.tldp.org website. It explains the Linux directory tree and the logic behind it. Several of the directories could be static and shared. For example, all your linux hosts could mount shares read-only for /bin/, /sbin/, /usr, et al. Then you could install or upgrade software on one host as an administrator and all of the other hosts on the network would be updated.

Look at the format of the /etc/passwd file: man 7 passwd. The home directory of a user could be located on a network share. So, you could have the person's home directory on a NAS server. The regular users in the /etc/passwd and /etc/shadow entries could be replicated to all of the hosts. When the user logs in from any, he is connected to his home directory on the NAS server. You could do the same, where the user has a home directory on his own computer. That computer's home directory is shared and on the other hosts, the home directory entry in /etc/passwd looks like ://host/username/:. You might not want to replicate the entire /etc/passwd and /etc/shadow files. They contain system users as well, which may be configured differently if you use different distributions.

--

P.S. If you mount samba shares, use the cifs filesystem rather than smbfs. It has better support for Unix/Linux native permissions when sharing Linux native filesystem partitions.

Last edited by jschiwal; 07-01-2007 at 02:36 AM. Reason: Fixed typos
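
Added example (not part of any post in this thread): a check to run before replicating regular users between hosts, as the post above suggests. NFS with its default AUTH_SYS security decides file access by numeric UID/GID, so the same login name with different UIDs on two hosts, or one UID used for two names, gives a user access to someone else's files. The UID range, function names and sample passwd data are assumptions constructed for illustration.

```python
from collections import defaultdict

UID_MIN = 1000    # assumption: first regular-user UID (some distros start at 500)
UID_MAX = 60000   # assumption: upper bound, keeps 'nobody' (65534) out

def parse_passwd(text):
    """Parse passwd(5) text; skip blank, comment and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit() or not f[3].isdigit():
            continue
        entries.append({"name": f[0], "uid": int(f[2]), "gid": int(f[3]),
                        "home": f[5], "shell": f[6]})
    return entries

def regular_users(entries):
    """Drop system accounts, which may legitimately differ between distros."""
    return [e for e in entries if UID_MIN <= e["uid"] <= UID_MAX]

def uid_conflicts(hosts):
    """hosts maps hostname -> passwd text; returns a sorted list of mismatches."""
    by_name, by_uid = defaultdict(set), defaultdict(set)
    for text in hosts.values():
        for e in regular_users(parse_passwd(text)):
            by_name[e["name"]].add(e["uid"])
            by_uid[e["uid"]].add(e["name"])
    problems = [f"user {n} has UIDs {sorted(u)}"
                for n, u in by_name.items() if len(u) > 1]
    problems += [f"UID {u} maps to users {sorted(n)}"
                 for u, n in by_uid.items() if len(n) > 1]
    return sorted(problems)

# Constructed sample data for two hosts (not taken from any real system).
HOST_A = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""
HOST_B = """root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
bob:x:1000:1000:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
"""

if __name__ == "__main__":
    for problem in uid_conflicts({"hostA": HOST_A, "hostB": HOST_B}):
        print(problem)
```

In the sample, the differing `daemon` UIDs are ignored as system accounts, while `bob` on hostB would own `alice`'s files on an NFS export from hostA.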
 
Old 07-01-2007, 10:19 AM   #4
armandino
Member
 
Registered: Oct 2005
Posts: 72

Original Poster
Rep: Reputation: 15
Well, thank you very much for your very kind help.
 
  


All times are GMT -5. The time now is 07:20 PM.
