Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I am working on a proof of concept Linux/BSD setup for a school system. Right now, the school system is using (In)Active Directory on the network with all Windows boxes.
My setup is as follows :
FreeBSD 5.x For The Server + OpenLDAP
Gentoo Linux for the Client.
-----------
How would I go about setting up a login server using LDAP? I want, for example, a student to be able to log in at any Linux workstation and have it pull their home directory from the server and sync upon logoff, so that their home directory travels with them no matter where they go.
I only know a little bit about LDAP (I have been reading some tutorials, but they mostly seem to cover things like adding objects to LDAP or getting the server up and running) and have read up a bit, but I'm still slightly confused. I also need to know how to avoid interfering with the Windows Active Directory server, as this proof of concept is still on the same physical network.
As you have probably already read, OpenLDAP will do the centralized auth via PAM quite nicely. You'll probably want to use TLS encryption even if it's just a test/lab setup, since if you ever actually implement this solution, doing so without some encryption would be a bad idea.
As far as home directories following users around go: you're not going to be able to have stuff automagically move from one client to another. But what you can do is set up the LDAP server to also be a file server: NFS, SMB or whatever. Then have the user's home on the file share, so when they log on using LDAP they mount their home on the server and not on the actual client. This is the only way I know of for a user to travel around from client to client and still transparently have their home follow them. The LDAP server doesn't have to be the file server; you can set up another server for that, but if you are on a tight budget, sometimes you have to put everything on just one box.
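The client side of what this reply describes, as an added example that is not code from the thread: the PADL pam_ldap/nss_ldap style /etc/ldap.conf in a weak and a hardened form, the nsswitch entries, an autofs map that mounts each user's home from the NFS server on first access, and a check that the LDAP client config really forces TLS and verifies the server certificate. The host names, base DN, CA path and file locations are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Host names, base DN and paths are
# assumptions; directive names are those of the PADL pam_ldap/nss_ldap
# /etc/ldap.conf.

# Weak form: plaintext LDAP on 389, no certificate check. Every bind
# (i.e. every password) crosses the LAN in the clear.
write_weak_ldap_conf() {
  cat > "$1" <<'EOF'
base dc=school,dc=example
uri ldap://ldap.school.example/
ssl off
tls_checkpeer no
EOF
}

# Hardened form: StartTLS on 389, server certificate verified against the
# site CA, password changes via the password-modify extended operation so
# the server, not the client, hashes them.
write_hardened_ldap_conf() {
  cat > "$1" <<'EOF'
base dc=school,dc=example
uri ldap://ldap.school.example/
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/school-ca.pem
pam_password exop
EOF
}

# Returns 0 when the config forces TLS, verifies the peer and names a CA
# file to verify against; 1 otherwise. Last occurrence of a directive wins.
ldap_conf_enforces_tls() {
  ssl=$(awk '$1 == "ssl" { v = $2 } END { print v }' "$1")
  chk=$(awk '$1 == "tls_checkpeer" { v = $2 } END { print v }' "$1")
  case "$ssl" in
    start_tls|on) ;;
    *) return 1 ;;
  esac
  [ "$chk" = "yes" ] || return 1
  grep -q '^tls_cacertfile[[:space:]]' "$1"
}

# /etc/nsswitch.conf: local files first so root still works with the
# directory down, then LDAP.
write_nsswitch() {
  cat > "$1" <<'EOF'
passwd: files ldap
group:  files ldap
shadow: files ldap
EOF
}

# autofs map for /home (auto.master line: "/home /etc/auto.home"). The
# first access to /home/<user> mounts that user's export; '&' is the key
# that was looked up. nosuid,nodev: a student must not be able to plant a
# setuid binary or device node in a directory every workstation mounts.
write_autofs_home_map() {
  cat > "$1" <<'EOF'
*  -fstype=nfs,rw,hard,nosuid,nodev  fileserver.school.example:/export/home/&
EOF
}

# Returns 0 when the wildcard map mounts homes with both nosuid and nodev.
autofs_map_hardened() {
  grep -Eq '^\*[[:space:]]+-[^[:space:]]*nosuid' "$1" &&
    grep -Eq '^\*[[:space:]]+-[^[:space:]]*nodev' "$1"
}

main() {
  dir=$(mktemp -d)
  write_weak_ldap_conf "$dir/ldap.conf.weak"
  write_hardened_ldap_conf "$dir/ldap.conf"
  write_nsswitch "$dir/nsswitch.conf"
  write_autofs_home_map "$dir/auto.home"
  for f in "$dir/ldap.conf.weak" "$dir/ldap.conf"; do
    if ldap_conf_enforces_tls "$f"; then
      echo "OK     $f"
    else
      echo "REJECT $f: LDAP without TLS or peer verification"
    fi
  done
  rm -rf "$dir"
}
main
```

The check insists on both tls_checkpeer and a CA file because "ssl start_tls" on its own is the usual half-measure: the session is encrypted, but any certificate is accepted, so a rogue LDAP server on the same LAN can still collect passwords. Homes over NFS with the default sec=sys trust whatever UID the client claims, which is acceptable on a lab network but worth replacing with sec=krb5 once Kerberos is in place.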
You should start a new thread rather than tag new queries on to old ones - it makes it easier for other people to spot them.
SUSE 8.2 had a really good section in the manual about setting up LDAP and Kerberos on a SUSE server. I believe that YaST has a facility to configure the system as a Kerberos client for authentication. Haven't used more recent versions of SUSE.
It's usually one question = one thread here and dead threads aren't revived, although I don't believe that these are official rules as much as conveniences.
I'm fairly sure that I saw an option for configuring network logins during the SUSE 8.2 installation process (which is just YaST in a different mode). On Linux authentication is handled by a system called PAM, which has plug-ins. Applications query PAM, which can be configured to get the authentication information from a file or a network service, and other plug-ins do other jobs. The distribution-specific client tools just configure PAM, and that's the easiest way to configure the system to use either an LDAP or Kerberos service for authentication.
Kerberos can authenticate username/passwords from a database, or (more commonly) get the information from your LDAP service. An advantage of going through Kerberos rather than using LDAP directly is single sign-on for the whole domain: once authenticated with Kerberos a ticket is cached, so you shouldn't get pestered again for a username and password by applications that support Kerberos.
Having looked at the SUSE 8.2 manual again, it shows you how to configure Kerberos on SUSE, but doesn't tell you how to set up the LDAP service :-(
The best on-line resource that I've seen is the OpenLDAP documentation on www.openldap.org. phpLDAPadmin seems popular as an interface for managing LDAP once you've got it running.
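The PAM stack this post describes, as an added example that is not code from the thread: the auth section of a Linux-PAM service file that asks the local files first and then a network service (here Kerberos via pam_krb5), plus a check for two stack mistakes that are easy to make when hand-editing these files. Module names are Linux-PAM's pam_unix, pam_krb5 and pam_deny; the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are assumptions.

# Hardened auth stack. pam_unix answers for local accounts from
# /etc/shadow; for a directory user it fails and the password already
# typed is handed to pam_krb5 via use_first_pass, so there is a single
# prompt. pam_krb5 obtains the ticket-granting ticket that later
# Kerberos-aware applications reuse. pam_deny closes the stack so that
# "nothing succeeded" is an explicit denial rather than whatever the last
# module happened to return.
write_pam_auth_stack() {
  cat > "$1" <<'EOF'
auth    sufficient  pam_unix.so
auth    sufficient  pam_krb5.so use_first_pass
auth    required    pam_deny.so
EOF
}

# Weak stack: nullok lets a local account with an empty password field
# log in without any password, and there is no closing deny.
write_weak_pam_auth_stack() {
  cat > "$1" <<'EOF'
auth    sufficient  pam_unix.so nullok
auth    sufficient  pam_krb5.so use_first_pass
EOF
}

# Returns 0 when the last auth line is "required pam_deny.so" and no auth
# line carries nullok; 1 otherwise.
pam_auth_stack_ok() {
  f="$1"
  last=$(awk '$1 == "auth" { c = $2; m = $3 } END { print c, m }' "$f")
  [ "$last" = "required pam_deny.so" ] || return 1
  if grep -Eq '^auth[[:space:]].*[[:space:]]nullok([[:space:]]|$)' "$f"; then
    return 1
  fi
  return 0
}

main() {
  dir=$(mktemp -d)
  write_pam_auth_stack "$dir/system-auth"
  write_weak_pam_auth_stack "$dir/system-auth.weak"
  for f in "$dir/system-auth" "$dir/system-auth.weak"; do
    if pam_auth_stack_ok "$f"; then
      echo "OK     $f"
    else
      echo "REJECT $f: nullok or no closing pam_deny"
    fi
  done
  rm -rf "$dir"
}
main
```

Only the auth section is shown; the account and session sections (and whether the Kerberos credential cache is handed to the login session) are set up separately and differ between pam_krb5 implementations, so check the one your distribution ships.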