System Login (Open Enterprise Server Admin Tools, April 2005)
| atharapos@gmail.com 2005-04-27, 2:45 am |
| Hello
I am thinking of using OES. I have one question though. Is it possible to
log a Windows XP computer into the OES directory? I want to be able to
have a user to log into a computer on the network and then receive
privileges such as administrative and user on that system when they log in
so they can install or not be able to install programs, etc. This will
help with system administration. Is it possible to do this without using
Active Directory or a Windows server altogether?
| |
| Justin Grote 2005-04-27, 5:45 pm |
| atharapos@gmail.com wrote:
> Hello
> I am thinking of using OES. I have one question though. Is it possible to
> log a Windows XP computer into the OES directory? I want to be able to
> have a user to log into a computer on the network and then receive
> privileges such as administrative and user on that system when they log in
> so they can install or not be able to install programs, etc. This will
> help with system administration. Is it possible to do this without using
> Active Directory or a Windows server altogether?
Yes, if you're doing OES Linux. You set up Samba as a PDC, and have
Samba use eDirectory for authentication. Now you effectively have an
NT-style domain that accepts all your eDirectory passwords.
You don't get the fun of Group Policies or any other Active Directory
stuff (blame Microsoft for "embracing and extending" to make this
difficult if you want), but you can do everything you could do with an
NT4 domain.
This is a *very* common question, and I'm writing up a Cool Solutions
article on how to set it up. I can email you when it gets posted if you
would like.
--
__________________________
Justin Grote
Network Architect
JWG Networks
| |
| Massimo Rosen 2005-04-27, 5:45 pm |
| Justin,
Justin Grote wrote:
>
> Yes, if you're doing OES Linux. You set up Samba as a PDC,
Samba on OES doesn't work as PDC.
CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
| |
| Justin Grote 2005-04-27, 5:45 pm |
| Massimo Rosen wrote:
> Samba on OES doesn't work as PDC.
I must be hallucinating then, because I could swear that these four OES
servers in our core data center and two field offices are acting as a PDC
and respective BDCs just fine...
Seriously, what do you base this on? Have you even tried it?
--
__________________________
Justin Grote
Network Architect
JWG Networks
| |
| Justin Grote 2005-04-27, 5:45 pm |
| Justin Grote wrote:
> atharapos@gmail.com wrote:
> Yes, if you're doing OES Linux. You set up Samba as a PDC, and have
> Samba use eDirectory for authentication. Now you effectively have an
> NT-style domain that accepts all your eDirectory passwords.
Err, I put a slight misnomer here. There's lots of ways to set up the
authentication to eDirectory. Some work with the eDirectory passwords,
some don't. PAM does, direct LDAP backend or smbpasswd doesn't.
The OES docs suggest that you can use Universal Password for Samba, but
I haven't investigated this yet.
--
__________________________
Justin Grote
Network Architect
JWG Networks
| |
| Justin Grote 2005-04-27, 5:45 pm |
| Justin Grote wrote:
> atharapos@gmail.com wrote:
>
Oh, and possible, absolutely.
Supported, no. Novell doesn't support Samba as a PDC officially yet, so
you can't call them if you have problems. They're looking into ways to
make it work though. The reason is because the eDir and Samba password
hashes are incompatible, and they don't want to support it until they
find a seamless way to get it to authenticate against eDirectory.
Fortunately, there is a *ginormous* amount of information on the web
about how to set up a PDC with Samba, as it's probably the third most
common use of Linux in regard to connecting Windows machines, behind
file and print services.
--
__________________________
Justin Grote
Network Architect
JWG Networks
| |
| Mark Robinson 2005-04-27, 5:45 pm |
| On Wed, 27 Apr 2005 21:01:21 +0000, Justin Grote wrote:
> Massimo Rosen wrote:
>
>
> I must be hallucinating then, because I could swear that these four OES
> servers in our core data center and two field offices are acting as a PDC
> and respective BDCs just fine...
>
> Seriously, what do you base this on? Have you even tried it?
Are you able to join machines to the domain and store the trust accounts
in eDir? Have you managed to get the ldap tools to work against eDir
instead of OpenLDAP?
I was going to work on this, but if you've got it working...
--
Mark Robinson
Novell Volunteer SysOp
One by one the penguins steal my sanity...
| |
| Justin Grote 2005-04-27, 8:45 pm |
|
> Are you able to join machines to the domain and store the trust accounts
> in eDir?
Yes, see this document. It's a *big* help.
http://tinyurl.com/8vlqq
> Have you managed to get the ldap tools to work against eDir
> instead of OpenLDAP?
Yes, it's done the same way I did it with SLES9, using the general Samba
LDAP/LDIF backend. Thank god for standards! This is why they exist! I'm
not a Microsoft basher but it's hard to justify "embrace and extend" in
the long run.
> I was going to work on this, but if you've got it working...
By all means, continue. We still haven't gotten passwords all the way
native. We use a custom NSure Identity Manager target at the moment to
keep the passwords in sync, and it works great and in real-time.
However, there's a method to use Universal Password, those wonderful
little reversible eDirectory passwords, that apparently exists in the
OES documentation:
http://tinyurl.com/duqxb
I plan to investigate this soon, but it's not that high on my current
work priority list.
As I said in other posts, I'm writing an article right now, and might
enlist Aaron (Gresko)'s help as a cowriter. We wrote the suse remote
install article as well (which, if by googling "suse remote install",
ranks higher than the official SuSE documentation, hehe).
__________________________
Justin Grote
Network Architect
JWG Networks
| |
| Justin Grote 2005-04-27, 8:45 pm |
|
> Are you able to join machines to the domain and store the trust accounts
> in eDir? Have you managed to get the ldap tools to work against eDir
> instead of OpenLDAP?
>
> I was going to work on this, but if you've got it working...
I know you do this a lot Mass, so maybe I'm not doing a particular
feature you're looking for that won't work with OES, like something with
LUM. I think the Identity Manager piece may be where the problem is,
because there were a few things we couldn't do without our custom
Identity Manager module (that I'm currently working on getting around).
I didn't mean to be so brash in the grandparent post to Massimo, I just
get a little carried away sometimes when people just say "It won't work"
without explaining why.
--
__________________________
Justin Grote
Network Architect
JWG Networks
| |
| atharapos@gmail.com 2005-04-28, 5:45 pm |
| > Justin Grote wrote:
>
> Oh, and possible, absolutely.
>
> Supported, no. Novell doesn't support Samba as a PDC officially yet, so
> you can't call them if you have problems. They're looking into ways to
> make it work though. The reason is because the eDir and Samba password
> hashes are incompatible, and they don't want to support it until they
> find a seamless way to get it to authenticate against eDirectory.
>
> Fortunately, there is a *ginormous* amount of information on the web
> about how to set up a PDC with Samba, as it's probably the third most
> common use of Linux in regard to connecting Windows machines, behind
> file and print services.
>
> --
> __________________________
> Justin Grote
> Network Architect
> JWG Networks
Thanks for the info... I will take a look into it.
| |
| Mark Robinson 2005-04-28, 5:45 pm |
| On Wed, 27 Apr 2005 23:47:24 +0000, Justin Grote wrote:
>
>
> Yes, see this document. It's a *big* help.
>
> http://tinyurl.com/8vlqq
>
I've just recommended John Terpstra's book to someone. I'd heard rumours
that the idealx ldap tools don't work with eDir flavoured LDAP...
>
> Yes, it's done the same way I did it with SLES9, using the general Samba
> LDAP/LDIF backend. Thank god for standards! This is why they exist! I'm
> not a Microsoft basher but it's hard to justify "embrace and extend" in
> the long run.
Interesting...
>
> By all means, continue. We still haven't gotten passwords all the way
> native. We use a custom NSure Identity Manager target at the moment to
> keep the passwords in sync, and it works great and in real-time.
> However, there's a method to use Universal Password, those wonderful
> little reversible eDirectory passwords, that apparently exists in the
> OES documentation:
>
> http://tinyurl.com/duqxb
>
> I plan to investigate this soon, but it's not that high on my current
> work priority list.
>
> As I said in other posts, I'm writing an article right now, and might
> enlist Aaron (Gresko)'s help as a cowriter. We wrote the suse remote
> install article as well (which, if by googling "suse remote install",
> ranks higher than the official SuSE documentation, hehe).
If you want more help, I'm more than willing... Aaron is bugging me to
write more... I have a session to present on Linux migration at the end
of May. Would be great to demo net vampire and see the stuff in eDir :-)
--
Mark Robinson
Novell Volunteer SysOp
One by one the penguins steal my sanity...