LinuxQuestions.org


LuckyMe 10-23-2006 10:20 AM

Linux server authentication, but how?
 
Hi there,

I have finally managed to successfully set up Samba, on a FC5 box, as a PDC together with login script and drive mappings (file sharing). Also DNS and DHCP are working fine.

As I am trying to get away from Windows (all this terrible news about Win Vista...) I would like to learn how to provide the same solution for Linux.

I am going to change my clients to Linux, one by one and would like them to use a centralized authentication method maybe via Samba or any other Linux only solution running on the same box as Samba.
Unfortunately I am not sure what I need to search for? Here are my questions a bit more specific:

1. Which system to use for centralized Linux authentication?
2. How to mount shares provided on a Linux server?
3. How to specifically use the home share on the Linux server?

I learned that NIS and NFS is not the right way as it is a security issue and not easy to maintain in regards to UID, etc. Or?!

Information about what I need to search for is highly appreciated.
Any links to tutorials are welcome.

Thanks
... LuckyMe

andrewdodsworth 10-23-2006 12:41 PM

Have a look at the examples and howtos on samba.org to see if that is good enough for what you want. Using LDAP for centralised authentication is a good idea and the Samba example for the 500 user office I think (or maybe the next chapter) goes into detail on how to set that up. It is certainly pretty complicated but the end result should be worth it.

If you just want to explore what you can do with Samba from a linux client you should be able to browse any smb share (even different workgroups) by just using smb:/// in your favourite browser (Konqueror in KDE) or smb://workgroup for a specific workgroup. If you want native linux browsing (again not sure whether this is KDE or distro specific) I can use fish://user@linuxmachine. This gives an explorer view of the remote linux machine using ssh. You can tailor the behaviour of this by what you allow in the server's sshd.conf file. You can use smbclient and fstab on the client machine to make mappings more permanent.

This will give you essentially the same functionality as from a Windows XP Home machine (which can't join a domain). Unfortunately you still have to set up users on the client with the same name and password that you use in Samba but once that's done they will be able to connect to Samba shares seamlessly without passwords including the usual home directories being automatically mapped to the correct user.

Because I only have 1 linux client I haven't bothered (yet) with centralised authentication but it's on my list.

Hope this helps and good luck.
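
The post above mentions making Samba mappings permanent through fstab on the client. Because /etc/fstab is normally world-readable, a share password written there is visible to every local user, so this added example (not part of the original post) audits SMB entries for inline passwords and loosely protected credentials files. The server name, user, paths and sample entries are constructed; `password=` and `credentials=` are the mount.cifs options being checked.

```python
import os
import stat
import tempfile

SMB_TYPES = {"cifs", "smbfs"}  # filesystem types used for Samba shares in fstab


def audit_fstab(text):
    """Return (mountpoint, finding) pairs for SMB entries in fstab text."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split()
        # Skip blanks, comments, malformed lines and non-SMB filesystems.
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] not in SMB_TYPES:
            continue
        mountpoint = fields[1]
        # Turn "a=1,b,c=2" into {"a": "1", "b": "", "c": "2"}.
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        if "password" in opts:
            findings.append((mountpoint, "password stored inline in fstab"))
        cred = opts.get("credentials")
        if cred:
            try:
                mode = stat.S_IMODE(os.stat(cred).st_mode)
            except OSError:
                findings.append((mountpoint, "credentials file not found"))
            else:
                if mode & 0o077:  # any group/other permission bit set
                    findings.append((mountpoint, "credentials file accessible by group/other"))
    return findings


def demo():
    """Build a constructed fstab plus two credentials files and audit it."""
    d = tempfile.mkdtemp()
    loose, tight = os.path.join(d, "loose.cred"), os.path.join(d, "tight.cred")
    for path, mode in ((loose, 0o644), (tight, 0o600)):
        with open(path, "w") as f:
            f.write("username=alice\npassword=constructed-example\n")
        os.chmod(path, mode)
    fstab = (
        "# constructed sample, not from the thread\n"
        "/dev/sda1 / ext3 defaults 1 1\n"
        "//server/homes /mnt/home cifs username=alice,password=constructed-example 0 0\n"
        f"//server/share /mnt/share cifs credentials={loose},uid=alice 0 0\n"
        f"//server/docs /mnt/docs cifs credentials={tight} 0 0\n"
    )
    return audit_fstab(fstab)


if __name__ == "__main__":
    for mountpoint, finding in demo():
        print(mountpoint, "-", finding)
```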

LuckyMe 10-23-2006 03:37 PM

Hi,

and thanks a lot for your response. As I am principally lazy and thinking of extending my home network with OpenVPN to all my family members I guess I will be better off with an LDAP solution.

I will check out the tutorials on Samba.org for that, thanks a lot.

Are there any hints or tips that anybody here has experienced with LDAP?

How do I authenticate Linux clients towards LDAP? Is it built in?

Cheers
... LuckyMe

andrewdodsworth 10-24-2006 03:59 AM

I use OpenVPN not only for remote clients but also for protecting my home wireless network. Few things to watch out for in trying to get Windows browsing working over the tunnel if you use routing (tun) option rather than bridging (tap). Excellent HOWTOs on the OpenVPN site.

As regards LDAP I have set up LDAP for trivial stuff but never progressed beyond that for authentication as there seem to be about 3 or 4 steps in getting the authentication hooks to work depending on security chosen. The Samba docs frightened me to death on that!

Good luck!

basileus 10-24-2006 12:23 PM

LDAP is very interesting, but you'll have to study quite a bit to understand how it actually functions. Luckily there are some good LDAP tutorials on the net. If you decide to go with LDAP then check out "phpldapadmin". It's a great GUI for managing LDAP information.

You can authenticate pretty much anything from LDAP but it's not actually trivial to set up, even though the server (openldap) is very easy to get functioning.

LuckyMe 10-24-2006 01:55 PM

Thanks a lot folks,

I have installed Fedora Directory Service last night and accessed the administration part of it via the web front end. Have not had time yet to start using it, creating OUs, groups, users, etc.

When I reach the stage that I have created all that how do I get my Fedora clients to authenticate towards this LDAP server and how do I get a "login script" for drive mapping, etc?

Thanks
... LuckyMe

LuckyMe 10-25-2006 07:20 AM

Okay, I found out that a centralized "login script" is kind of an issue on Linux. It is far from easy to implement.
I found the following Tutorial and wonder what the pros and cons of it are:
http://www.novell.com/coolsolutions/appnote/14832.html

Maybe you could have a look at it and let me know what the obstacles with it are? For example can this be achieved (with adjustments of course) on Fedora Core 5 / 6 and on Gnome, rather than KDE?

Cheers
... LuckyMe

~=gr3p=~ 10-25-2006 09:29 AM

give this a try for LDAP and PDC if all frightens you

http://ebox-platform.com/features

LuckyMe 10-25-2006 09:39 AM

Quote:

Originally Posted by ~=gr3p=~
give this a try for LDAP and PDC if all frightens you

http://ebox-platform.com/features

Thanks a lot, but I'd rather learn it the hard way and get to know the core of Linux. Nothing can scare me...
:study:


So any input to my previous post regarding "login script" is more than welcome.

Cheers
... LuckyMe

~=gr3p=~ 10-25-2006 09:47 AM

yes then LDAP it is!!!

http://directory.fedora.redhat.com/

also man authconfig command on your clients.

no offence meant and me too a linux fan..but i adore microsoft Active Directory and the group policies for centralized control..in my organization i have Windows AD and win clients for general staff but other servers (mail,proxy,gateway,production, database etc etc.) it's always linux...and i hate to give "Linux" The elite hackers OS to stupid users..no flames :D

LuckyMe 10-26-2006 06:22 AM

Hi,

again thanks a lot for the feedback. It is highly appreciated.

I will check out the authconfig as soon as I can and maybe I will come back with more questions.


Cheers
... LuckyMe


All times are GMT -5.