We are in the process of moving our office workstations from Windows to Linux. We would like to implement a "terminal-like" environment where users are created on a single server, then when someone logs into any workstation in the office, they are authetnicated against that server and all personal settings (e.g. Desktop, Firefox bookmarks, Thunderbird email) are pulled from the server. On logout, all changes are saved back to the server. If this were done securely (e.g. TLS), that's a definite plus.

I know this can be done, but I'm not sure what specific terms to google for. If someone could point me too some howtos are tell me what to search for, I'd appreciate it. For what its worth, the clients will be Redhat FC2 and the server will (likely) be OSX. TIA!

You could try and roll-your-own with LDAP providing the centraized authentication. I have setup something like what you describe with OpenLDAP where the user account, password, uid, gid are all kept on the LDAP server so when someone logs into a new linux box for the first time the LDAP server get's polled, if the user doesn't have a home directory on the client then one is made automagically and populated with profile information for their shell, X-windows manager, etc. This all happens with pam / ldap interaction. I have set it up with TLS and x.509 certificates. I created a CA and signed my own. It wasn't fun but it's possible. Some lean toward ldap / kerberos but I used ldap / sasl and feel good about it.

Far as browser and email client settings following a user around, I don't know of a way of setting that up.

check the openldap website.

If you are looking for a "turn-key" solution.. basically install and it runs itself.. I have no info for ya. Linux is still aimed at CompSci majors or control freaks (like me) and is still not suitable for your average administrative assistant. If you find something to fit the bill I'd love to hear about it.

-b

Could you run everything off the server via SSH clients?

I'm not sure what exact requirements you have, but if you could, all authentication would be local, so that might simplify administration. Your server CPU and memory would obviously go up.

There's my inexperienced "2 bits" on the matter.

I'm just trying to brainstorm ideas here... is it possible to setup a user's home dir over an NFS or SMB share? If I could do that, and handle the authentication with LDAP, that would seem to knock out most of what I am looking for.

I'm sure we've all seen this type of setup done in large labratory setups on Windows. If windows can do it, SURELY Linux can.

Here's a couple of thoughts to maybe steer you in the right direction or give you more ideas or for you to look at and think "what in the blue h*** was he smoking because I want some".

On each of your new shiny Linux clients make an entry in the /etc/fstab and point it to an NFS and/or SAMBA share located on your central server where you want all your user's /home directories to be. Tel the fstab file to mount it automatically upon bootup. Host all of the /home directories for your users in there.

When creating your users I know there is a way to specify their home directory location. I believe the syntax is useradd -d /custom/directory/here username . I would then point this directory to your share mentioned above so that whenever a user logs on it will look for their /home directories in the custom share, so that no matter what all changes, options, settings, etc will be located on the central server. This will effectivally give them the equivlent of a roaming profile in windows.

The thing I don't know how to get around, however is authencation on the central server. I don't have the foggiest idea how to tell a computer to authenticate users on another computer as supposed to their compuer. I would be VERY interested to find out how it's done however as it would be very userful.

Anyway there's a couple of suggestions or thoughts to get you started.

Cheers

Tap

Like I said. LDAP and PAM is -one- solution to this. look up a message or two and you'll see what I said about it. The biggest convienance is that ldap can be used for other things on the network besides authenticating linux logons. It can function as your email directory too for instance. Of course you'll have to secure the ldap server since it holds all the keys to the kingdom so to speak.

-b

I wouldn't be sticking NFS mounted shares into /etc/fstab. That's what the automounter is for.

I would very much like to know if you came to a solution ...
I have the same questions ...

Bump...