Struggling to setup a Debian/etch desktop: LDAP users and LOCAL users
I work as IT manager for a small programming house.
Nearly 3 years ago, we switched to Linux for the server, I suffered and struggled a little to get it work fine, and went through several distributions: RH8, then SUSEPro9, SUSEES8 and finally Debian.Sarge and now Debian.etch.
The server now is great: Postfix + amavisd-new + spamassassin (Razor2, pyzor, DCC) + MYSQL + squirellmail, Samba + ldap-account-manager, firewall + bandwidth control, Mysql, firebird, web server, openvpn server, and some internal apps developed in Qt4 (security control, workers sign up).
Now the desktop is another story: I try to work with another Debian.etch with KDE machine as a desktop, and the problem comes with network access. Initially I configured a network CIFS connection to the server, mounted. But openoffice2 documents were not saving properly (some locking problems), it seems than Linux CIFS client (or maybe specs) is far from perfect (how could it be otherwise, being involved Microsoft).
NFS works better, but I have to enable libpam_ldap, libnss_ldap to get the directory from the server, and so be able to get access permissions properly to the server files.
But what happens: When I log in the desktop as an LDAP user, I loose access to the "desktop": My LDAP account does not belong anymore to audio, printer, ... groups. NFS (apart from possible security problems) works nice, but I can't print!
And when I log in as the local user, of course, I do not belong to the groups in the LDAP server directory and I can't browse the files in the NFS network share.
Too complicated, even being an obstinated linux administrator...
So what can I tell, must I try to install some linux desktops for other possible users in my company? Not yet.
|