Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 11-18-2004, 06:47 PM   #1
Registered: May 2004
Distribution: FreeBSD 7, Debian "Squeeze", OpenBSD 4.5
Posts: 167

Rep: Reputation: 30
LDAP + Proof Of Concept

I am working on a proof of concept Linux/BSD setup for a school system. Right now, the school system is using (In)Active Directory on the network with all Windows boxes.

My setup is as follows :

FreeBSD 5.x For The Server + OpenLDAP

Gentoo Linux for the Client.


How would I go about setting up a login server using LDAP? I want for example a student to be able to login at any Linux workstation and have it pull their home directory from the server and sync upon logoff so that their home directory travels with them no matter where they go.

I only know a little bit about LDAP (have been reading some tutorials but they mostly seem to cover stuff like adding objects to LDAP or getting the server up and running) and have read up a bit but I'm still slightly confused. I also need to know how to avoid interfering with the Windows Active Directory Server, as this proof of concept is still on the same physical network.

Old 11-19-2004, 08:28 AM   #2
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
As you have probably already read, openldap will do the centralized auth via PAM quite nicely. You'll probably want to use TLS encryption even if it's just a test / lab setup since if you ever actually implement this solution, doing so without some encryption would be a bad idea.

Far as home directories following users around. You're not going to be able to have stuff automagically move from one client to another. But what you can do is setup the ldap server to also be a file server. NFS, SMB or whatever. Then have the user's home on the file share so when they logon using ldap, they mount their home on the server and not on the actual client. This is the only way I know of for a user to travel around from client to client and still transparently have their home follow them. The ldap server doesn't have to be the fileserver. You can setup another server for that but if you are on a tight budget sometimes you have to put everything on just one box.

Old 11-25-2004, 07:18 AM   #3
LQ Newbie
Registered: Jul 2003
Posts: 10

Rep: Reputation: Disabled

I have the same question.

bignerd - can you tell me how you set up the client login process to authenticate users on the server using LDAP/PAM/SLAPD or whatever.

I guess it is so easy its not worth telling or so difficult its not worth doing!

Old 11-27-2004, 02:44 PM   #4
Senior Member
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45

You should start a new thread rather than tag new queries on to old ones - it makes it easier for other people to spot them.

SUSE 8.2 had a really good section in the manual about setting up LDAP and Kerberos on a SUSE server. I beleive that YaST has a facility to configure the system as a Kerberos client for authentication. Haven't used more recent versions of SUSE.
Old 11-27-2004, 03:47 PM   #5
LQ Newbie
Registered: Jul 2003
Posts: 10

Rep: Reputation: Disabled
Hob.. it is the same thread

"How would I go about setting up a login server using LDAP? "

If anyone can share their knowledge it would really be appreciated. Is Kerberos part of the set up?

SuSE has an LDAP client/server set up - but doesn't offer, afaik, the link to setting up a login process.


Old 11-27-2004, 04:50 PM   #6
Senior Member
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
It's usually one question = one thread here and dead threads aren't revived, although I don't beleive that these are official rules as much as conveniences.

I'm fairly sure that I saw an option for configuring network logins during the SUSE 8.2 installation process (which is just YaST in a different mode). On Linux authentication is handled by a system called PAM, which has plug-ins. Applications query PAM, which can be configured to get the authentication information from a file or a network service, and other plug-ins do other jobs. The distribution-specific client tools just configure PAM, and that's the easiest way to configure the system to use either an LDAP or Kerberos service for authentication.

Kerberos can authenticate username/passwords from a database, or (more commonly) get the information from your LDAP service. An advantage of going through Kerberos rather than using LDAP directly is single-sign on for the whole domain: once authenticated with Kerberos a ticket is cached, so you shouldn't get pestered again for a username and password by applications that support Kerberos.

Having looked at the SUSE 8.2 manual again, it shows you how to configure Kerberos on SUSE, but doesn't tell you how to set up the LDAP service :-(

The best on-line resource that I've seen is the OpenLDAP documentation on PHPLDAPAdmin seems popular as an interface for managing LDAP once you're got it running.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Disaster-Proof server? Transition Slackware 7 09-19-2005 08:02 PM
diagonalization proof... true_atlantis General 3 02-03-2004 09:59 AM
Hacker proof Joey.Dale Linux - General 2 08-11-2003 08:19 PM
Proof that LQ is just the Best Jadasin Member Success Stories 10 04-30-2003 05:54 PM
Idiot Proof Guide to Webmail Shinjuku Linux - Software 2 04-03-2003 01:33 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:10 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration