I am working on a proof of concept Linux/BSD setup for a school system. Right now, the school system is using (In)Active Directory on the network with all Windows boxes.

My setup is as follows :

FreeBSD 5.x For The Server + OpenLDAP

Gentoo Linux for the Client.

-----------

How would I go about setting up a login server using LDAP? I want for example a student to be able to login at any Linux workstation and have it pull their home directory from the server and sync upon logoff so that their home directory travels with them no matter where they go.

I only know a little bit about LDAP (have been reading some tutorials but they mostly seem to cover stuff like adding objects to LDAP or getting the server up and running) and have read up a bit but I'm still slightly confused. I also need to know how to avoid interfering with the Windows Active Directory Server, as this proof of concept is still on the same physical network.

Thanks

As you have probably already read, openldap will do the centralized auth via PAM quite nicely. You'll probably want to use TLS encryption even if it's just a test / lab setup since if you ever actually implement this solution, doing so without some encryption would be a bad idea.

Far as home directories following users around. You're not going to be able to have stuff automagically move from one client to another. But what you can do is setup the ldap server to also be a file server. NFS, SMB or whatever. Then have the user's home on the file share so when they logon using ldap, they mount their home on the server and not on the actual client. This is the only way I know of for a user to travel around from client to client and still transparently have their home follow them. The ldap server doesn't have to be the fileserver. You can setup another server for that but if you are on a tight budget sometimes you have to put everything on just one box.

-b

I have the same question.

bignerd - can you tell me how you set up the client login process to authenticate users on the server using LDAP/PAM/SLAPD or whatever.

I guess it is so easy its not worth telling or so difficult its not worth doing!

Thanks

x9abm,

You should start a new thread rather than tag new queries on to old ones - it makes it easier for other people to spot them.

SUSE 8.2 had a really good section in the manual about setting up LDAP and Kerberos on a SUSE server. I beleive that YaST has a facility to configure the system as a Kerberos client for authentication. Haven't used more recent versions of SUSE.

Hob.. it is the same thread

"How would I go about setting up a login server using LDAP? "

If anyone can share their knowledge it would really be appreciated. Is Kerberos part of the set up?

SuSE has an LDAP client/server set up - but doesn't offer, afaik, the link to setting up a login process.

Cheers

Andrew

It's usually one question = one thread here and dead threads aren't revived, although I don't beleive that these are official rules as much as conveniences.

I'm fairly sure that I saw an option for configuring network logins during the SUSE 8.2 installation process (which is just YaST in a different mode). On Linux authentication is handled by a system called PAM, which has plug-ins. Applications query PAM, which can be configured to get the authentication information from a file or a network service, and other plug-ins do other jobs. The distribution-specific client tools just configure PAM, and that's the easiest way to configure the system to use either an LDAP or Kerberos service for authentication.

Kerberos can authenticate username/passwords from a database, or (more commonly) get the information from your LDAP service. An advantage of going through Kerberos rather than using LDAP directly is single-sign on for the whole domain: once authenticated with Kerberos a ticket is cached, so you shouldn't get pestered again for a username and password by applications that support Kerberos.

Having looked at the SUSE 8.2 manual again, it shows you how to configure Kerberos on SUSE, but doesn't tell you how to set up the LDAP service :-(

The best on-line resource that I've seen is the OpenLDAP documentation on www.openldap.org. PHPLDAPAdmin seems popular as an interface for managing LDAP once you're got it running.