LinuxQuestions.org
Old 02-12-2009, 09:44 AM   #1
LinuxCowboy03
LQ Newbie
 
Registered: Dec 2004
Location: Pennsylvania's Silicon Valley
Distribution: PCLinuxOS 2007 (my fav), OpenSuSe, LinuxMint
Posts: 18

Rep: Reputation: 0
Linux LDAP Authentication?


Howdy,

So I've got a Mac OSX 10.5 Server running OpenDirectory. It's based on OpenLDAP. So I thought it would be a pretty easy process to have a Linux client authenticate against it. Wrong!
Any helpful advice? I haven't found too much on the web about Apple's implementation of OpenLDAP and Linux clients.
On a related note, I've got SMB running on that Mac server too, and Windows XP clients authenticating against it, but I can't get any Linux clients to authenticate against it.

Come to think of it, I've never actually seen Linux authenticate against anything!!!
I am a Network Admin at a school, and I want to use Linux on some of our desktops. But authentication is a huge problem. Can't get it to authenticate against my Mac server or my Windows server!

As far as what I'm using, right now I've got a laptop set up with OpenSuse 11.1.

Any help would be appreciated! Linux is never going to see an increase in use in schools if all IT people run into the problems that I'm seeing. Bout ready to just give up on it. I've been trying for years to get something like this going. First tried to get Linux to login to my Windows 2003 server a couple years ago, and then tried it again earlier this year with the new Windows 2008 server. Then I just decided to try it now that I have a Mac server, thought it would work better being LDAP?

Sorry to rant. Please help out a school that wants to use Linux! If I can just get it to reliably log into the server and map a network drive, then we can start using it on our workstations!
 
Old 02-13-2009, 03:33 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Personally I wouldn't use samba domains for authentication, just direct ldap, which is pretty easy. You've not said what distro you're using, but distros like Red Hat have tools to automatically configure nsswitch.conf, ldap.conf and such to connect on ldap. If you have specific bind DNs and such then you would need to probably modify ldap.conf to add these extra details. The best advice is probably to divide and conquer. First get comfortable with an ldapsearch of the servers, then get to a stage where you can run "getent passwd" and get a valid list of accounts including the ldap ones, and then try to authenticate etc...
 
Old 02-13-2009, 08:21 AM   #3
LinuxCowboy03
LQ Newbie
 
Registered: Dec 2004
Location: Pennsylvania's Silicon Valley
Distribution: PCLinuxOS 2007 (my fav), OpenSuSe, LinuxMint
Posts: 18

Original Poster
Rep: Reputation: 0
I'm running OpenSuse 11.1 at the moment.

I've tried to set it up to use LDAP for authentication, and I got the LDAP info from my server, and entered it in.
After doing that, I guess I assumed that I would just be able to reboot the computer, and at the login screen, login with a network account. Doesn't seem to go though.

FYI - I can browse my LDAP, so I know that it's able to communicate with the server, and I can see accounts, etc. Just can't get the computer to log in.

Any ideas?
 
Old 02-13-2009, 09:03 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
OK, define "see accounts" please. Note you'll need fully valid posix entries for group, shadow and passwd to log in.
 
Old 02-13-2009, 02:06 PM   #5
LinuxCowboy03
LQ Newbie
 
Registered: Dec 2004
Location: Pennsylvania's Silicon Valley
Distribution: PCLinuxOS 2007 (my fav), OpenSuSe, LinuxMint
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by acid_kewpie
OK, define "see accounts" please. Note you'll need fully valid posix entries for group, shadow and passwd to log in.
I must confess I'm a total LDAP newbie. I've been a network administrator for a couple years now, but I've mainly worked with Active Directory. My experience with Linux is using it to run some servers at work (which I didn't have the need to authenticate). Anyways, this Mac server is LDAP-based, so I assumed that Linux could authenticate against it.

When I say that I can browse the LDAP, I mean that OpenSuSe has a tool that lets you do that, and with the proper credentials, you can see everything contained in LDAP (excuse me if my terminology is way off) What I'm trying to say is that I can connect to the server and access some sort of directory. hah.

Anyways, I'm not totally sure what you mean by fully valid posix entries.

Can you give me an example of what I would type in to log in then? Say that I've done everything right, which I think I have, because like I said I can see stuff on the server, it's obviously authenticating me at some point, I gave the client all the information and what not, and I'm sitting at the login screen. What would I type in to tell it to log me in authenticating against the LDAP server?
It's not going to do me any good to log in, and THEN authenticate, and THEN map a network drive. I can't see our students doing that. So naturally, I want to make the log in just like it is on our Macs and Windows machines.

Of course, it's easy as heck on the Windows and Mac machines to join! On the Mac, I just type in the name of the server into the directory utility, reboot and log in. Windows, I just join it to the Samba PDC running on the Mac server, reboot, and voila! I only wish Linux was this easy!
 
Old 02-13-2009, 02:59 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
A posix user is what is defined in each line in /etc/passwd. If you can't obtain all the essential parts for an entry like that from ldap, you can't use it as a valid account. Again, divide and conquer... can you do a getent passwd and get VALID entries back? It may be the case that you get invalid entries, e.g. a username but no shell, and that's a pretty good start still, compared to getting nothing.
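
The "getent passwd" validity check described in the reply above, as an added example that is not part of the original thread. The function names and the sample accounts are assumptions constructed for illustration; the script only parses passwd(5)-format text, so it runs without a directory server.

```shell
#!/bin/sh
# Added example: sanity-check passwd(5)-format lines such as `getent passwd` output.

# Constructed sample: one local account, one complete directory account and
# two incomplete directory accounts (all names and numbers are made up).
sample_getent() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
student1:x:2001:2000:Student One:/home/student1:/bin/bash
student2:x:2002:2000:Student Two:/home/student2:
student3:x::2000:Student Three::/bin/bash
EOF
}

# Print "name: problems" for every entry on stdin that lacks a field the
# thread calls essential. Exit status is 1 if any entry was flagged.
check_passwd_entries() {
    awk -F: '
    {
        p = ""
        if (NF != 7)          p = p " fields=" NF
        if ($1 == "")         p = p " no-username"
        if ($3 !~ /^[0-9]+$/) p = p " bad-uid"
        if ($4 !~ /^[0-9]+$/) p = p " bad-gid"
        if ($6 !~ /^\//)      p = p " no-home"
        if ($7 !~ /^\//)      p = p " no-shell"   # the "username but no shell" case
        if (p != "") { print $1 ":" p; bad = 1 }
    }
    END { exit (bad + 0) }'
}

# Print the usernames on stdin that are absent from the local file "$1",
# i.e. accounts supplied by another NSS source such as LDAP.
remote_accounts() {
    awk -F: -v localfile="$1" '
    BEGIN { while ((getline line < localfile) > 0) { split(line, f, ":"); seen[f[1]] = 1 } }
    !($1 in seen) { print $1 }'
}

# Demo on the constructed sample; on a real client: getent passwd | check_passwd_entries
sample_getent | check_passwd_entries || true
```

On a client, `getent passwd | remote_accounts /etc/passwd` printing nothing means no directory accounts are reaching NSS at all, which is a different problem from entries that arrive incomplete.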
 
  

