Centralized user management: what is best?
01-14-06 03:44 AM
Hi,
I have a small (<8 hosts) lan with mixed Linux (debian) and winXP hosts.
Up to now I managed the debian hosts manually (copying /etc/passwd, /etc/groups, ..., manually), but that is a real pain.
I did recently suffer a severe breakdown so I reinstalled most of the machines.
At this point I would like to setup some centralized way to manage the whole network.
I would like to manage:
- users (<20)
- file servers (2)
- printers (3)
- firewall (ADSL, fixed IP, currently managed with shorewall/webmin)
- mail (currently on a separate host, but I plan to move it to the firewall)
In the past I used NIS, but that is UNIX-only.
I know there's OpenLDAP, but I never used it.
Probably some other package is available.
Question is:
Given the needs, what is the "best" solution?
Should I bother at all? (the main reason I want to install some management is that I began having a lot of permission problems when I moved hard disks from one host to another; I know how to fix them, but I would like to avoid re-doing all that next time...).
Can someone point me in the right direction? I would like to avoid false starts.
Thanks in Advance
Mauro
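
Added example, not part of the original post: file ownership on disk is stored as numeric UID/GID, so hand-copied /etc/passwd files that give the same login different UIDs on different hosts produce the permission problems described above when a disk moves between machines. The sketch below audits per-host passwd files for such conflicts before the accounts are loaded into one directory (NIS or LDAP); the host names, logins and the 1000-59999 range for regular accounts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: /etc/passwd contents collected from three hosts.
# Host names, logins and UIDs are made up for illustration.
SAMPLE = {
    "fileserver1": "root:x:0:0:root:/root:/bin/bash\n"
                   "mauro:x:1000:1000::/home/mauro:/bin/bash\n"
                   "anna:x:1001:1001::/home/anna:/bin/bash\n",
    "workstation1": "root:x:0:0:root:/root:/bin/bash\n"
                    "anna:x:1000:1000::/home/anna:/bin/bash\n"
                    "mauro:x:1001:1001::/home/mauro:/bin/bash\n"
                    "+::::::\n",  # NIS compat marker, must be skipped
    "workstation2": "mauro:x:1000:1000::/home/mauro:/bin/bash\n"
                    "luca:x:1002:1002::/home/luca:/bin/bash\n"
                    "nobody:x:65534:65534:nobody:/nonexistent:/bin/sh\n",
}

def parse_passwd(text, min_uid=1000, max_uid=59999):
    """Return {login: uid} for regular accounts (UID range is an assumption)."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#+-":      # blanks, comments, NIS +/- entries
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue                          # malformed line
        uid = int(fields[2])
        if min_uid <= uid <= max_uid:         # skip system accounts and nobody
            users[fields[0]] = uid
    return users

def audit(hosts):
    """Return (logins with several UIDs, UIDs with several logins) across hosts."""
    by_name = defaultdict(lambda: defaultdict(list))  # login -> uid -> [hosts]
    by_uid = defaultdict(lambda: defaultdict(list))   # uid -> login -> [hosts]
    for host, text in hosts.items():
        for name, uid in parse_passwd(text).items():
            by_name[name][uid].append(host)
            by_uid[uid][name].append(host)
    names = {n: {u: sorted(h) for u, h in m.items()} for n, m in by_name.items() if len(m) > 1}
    uids = {u: {n: sorted(h) for n, h in m.items()} for u, m in by_uid.items() if len(m) > 1}
    return names, uids

if __name__ == "__main__":
    names, uids = audit(SAMPLE)
    for name, m in sorted(names.items()):
        print(f"login {name!r} has different UIDs: {m}")
    for uid, m in sorted(uids.items()):
        print(f"UID {uid} is shared by different logins: {m}")
```

Every conflict reported has to be resolved (pick one UID per login, then re-own the files on the hosts that used another) before the accounts go into a shared directory.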
Re: Centralized user management: what is best?
01-14-06 03:44 AM
Mauro Condarelli wrote:
> Hi,
> I have a small (<8 hosts) lan with mixed Linux (debian) and winXP hosts.
> Up to now I managed the debian hosts manually (copying /etc/passwd, /etc/groups, ..., manually), but that is a real pain.
> I did recently suffer a severe breakdown so I reinstalled most of the machines.
> At this point I would like to setup some centralized way to manage the whole network.
> I would like to manage:
> - users (<20)
> - file servers (2)
> - printers (3)
> - firewall (ADSL, fixed IP, currently managed with shorewall/webmin)
> - mail (currently on a separate host, but I plan to move it to the firewall)
>
> In the past I used NIS, but that is UNIX-only.
> I know there's OpenLDAP, but I never used it.
> Probably some other package is available.
For a similar environment we use nis and samba (as domain controller) on
a central file server. So all our user data is on one machine. It takes
some effort to set up a 'good' samba domain, but it works. As far as I
know there is a way to set it up to automatically use the same passwords
for linux and Windows, but we have different passwords for linux/Winnt
winxp. It's just one more step to set up a user.
My approach would be to set up one of your file servers as nis and samba
master and backup config, passwd etc. to the second file server.
For our other linux boxes, we only keep package selection information.
They are basically standard installations with almost no configuration
except for IP, so they are quickly reinstalled, if anything goes wrong.
(In fact, it takes less time to install Debian from scratch (from a
local cache) than a complete virus scan takes on our XP-boxes :-)
Johannes
(NB: domain control doesn't work for winxp home - only professional.)
Re: Centralized user management: what is best?
01-14-06 10:52 PM
Mauro Condarelli wrote:
> Hi,
> I have a small (<8 hosts) lan with mixed Linux (debian) and winXP hosts.
> Up to now I managed the debian hosts manually (copying /etc/passwd, /etc/groups, ..., manually), but that is a real pain.
> I did recently suffer a severe breakdown so I reinstalled most of the machines.
> At this point I would like to setup some centralized way to manage the whole network.
> I would like to manage:
> - users (<20)
> - file servers (2)
> - printers (3)
> - firewall (ADSL, fixed IP, currently managed with shorewall/webmin)
> - mail (currently on a separate host, but I plan to move it to the firewall)
>
> In the past I used NIS, but that is UNIX-only.
> I know there's OpenLDAP, but I never used it.
> Probably some other package is available.
>
> Question is:
> Given the needs, what is the "best" solution?
> Should I bother at all? (the main reason I want to install some management is that I began having a lot of permission problems when I moved hard disks from one host to another; I know how to fix them, but I would like to avoid re-doing all that next time...).
> Can someone point me in the right direction? I would like to avoid false starts.
>
> Thanks in Advance
> Mauro
>
A year ago, I was in the same boat as you..... I now have all my Linux machines
authenticating to OpenLDAP database, and all my Windows machines authenticating
to a Samba domain, which is using the same LDAP db as its backend. It took a
lot of work and a lot of how-to reading, but I finally made it ;)
I started small, just getting the LDAP database working. I then went on to
figure out how to use PAM, nsswitch, et al, to auth my linux workstations to ldap.
Finally I got my Samba server working as a Windows domain, and using LDAP. It
was a long road, but worth it, and I now have much more knowledge of the subject.
Contact me if you want my pertinent config files.
Good Luck
--
Always leave room to add an explanation if it doesn't work out.
Saturday Jan 14, 2006
Re: Centralized user management: what is best?
01-14-06 10:52 PM
Mauro Condarelli wrote:
> Hi,
> I have a small (<8 hosts) lan with mixed Linux (debian) and winXP hosts.
> Up to now I managed the debian hosts manually (copying /etc/passwd, /etc/groups, ..., manually), but that is a real pain.
> I did recently suffer a severe breakdown so I reinstalled most of the machines.
> At this point I would like to setup some centralized way to manage the whole network.
> I would like to manage:
> - users (<20)
> - file servers (2)
> - printers (3)
> - firewall (ADSL, fixed IP, currently managed with shorewall/webmin)
> - mail (currently on a separate host, but I plan to move it to the firewall)
>
> In the past I used NIS, but that is UNIX-only.
> I know there's OpenLDAP, but I never used it.
> Probably some other package is available.
>
> Question is:
> Given the needs, what is the "best" solution?
> Should I bother at all? (the main reason I want to install some management is that I began having a lot of permission problems when I moved hard disks from one host to another; I know how to fix them, but I would like to avoid re-doing all that next time...).
> Can someone point me in the right direction? I would like to avoid false starts.
>
> Thanks in Advance
> Mauro
>
I think the default answer for Unix is automounting, and I would be surprised if
you are not aware of it since you did mention NIS. Is this also something that
you consider as "UNIX-only?" (If so, why? My understanding is that it's at
least nominally supported by Debian.)
For the XP boxes, the standard solution seems to be a master bootable disk image
on a server which is loaded over the network each time the machine boots.
(Saves the standard periodic Windows reinstall cycle.) Debian can handle the
loading and booting, but I don't know the details.
Of course, both of these solutions together give the user the option of running
either Debian or Windows on each machine on the network. (It's only temporary
of course, until everyone on the network is weaned from 'Doze. :-)
Re: Centralized user management: what is best?
01-14-06 10:52 PM
On (14/01/06 11:31), Jay Zach wrote:
> Mauro Condarelli wrote:
> > [...] time...).
>
> A year ago, I was in the same boat as you..... I now have all my Linux machines
> authenticating to OpenLDAP database, and all my Windows machines authenticating
> to a Samba domain, which is using the same LDAP db as its backend. It took a
> lot of work and a lot of how-to reading, but I finally made it ;)
>
> I started small, just getting the LDAP database working. I then went on to
> figure out how to use PAM, nsswitch, et al, to auth my linux workstations to ldap.
>
> Finally I got my Samba server working as a Windows domain, and using LDAP. It
> was a long road, but worth it, and I now have much more knowledge of the subject.
>
> Contact me if you want my pertinent config files.
I've also been pondering this for a while; have you got any particular
links you found useful .... howtos, etc.?
Regards
Clive
--
www.clivemenzies.co.uk ...
...strategies for business
RE: Centralized user management: what is best?
01-16-06 12:50 PM
I think there should be a debian package/packages solving this problem automagically for those who do not want to go through all the reading themselves.
It should contain something like this:
openldap, samba, kerberos, nsswitch, pam-ldap with all the needed configuration and simple wizards, allowing to choose options.
Re: Centralized user management: what is best?
01-16-06 11:05 PM
Mauro Condarelli wrote:
> Thanks.
> Advice would be welcome.
> Either in the form of your current config files or, better, in the
> form of a "roadmap", so I can avoid false starts and remain on track.
> The sheer size of the pertinent manuals/howtos is discouraging.
>
> I know I'll need that!
>
> TiA
> Mauro
>
I pretty much already outlined my 'roadmap' as I would recommend it:
1. Get LDAP directory implemented
a) add a few people to it as test
b) use it as an address book first (I think this is easiest), get email clients to query it for addresses
c) learn what you need to do to add a few user accounts to it, and do that (I recommend phpldap for this - I used the custom version in egroupware, mostly)
2. Get Linux to authenticate to the LDAP directory.
a) I had a lot of trouble with this, be careful because it's easy to lock yourself out of your computer - have a knoppix handy
b) this is done mostly with PAM, Nsswitch, pam_ldap, and probably others. It's hard to remember it exactly, b/c once I got it, it just worked, and all I've done since is copy those files from /etc/ to my other workstations
3. Get Samba working using LDAP directory as its database, and get Windows Domain working.
a) I think I had the most trouble with this one, mainly because I kept going at it too soon I think. Once I got it, it just went
b) I think part of my troubles were that the smbldap package was key to getting this to work, and I couldn't get it to run, because of perl package dependencies. For some reason a PERL module it needed to run wasn't a requirement of the smbldap package, so whenever I'd try to run smbldap-useradd, for example, I'd get a big long perl error. Finally, after studying the error for long enough, I figured out what PERL module it needed, and installed the debian package for it. After that, things went smooth. I'm still working through a couple little niggly issues, but for the most part that did it.
--
Chicken Soup:
An ancient miracle drug containing equal parts of aureomycin,
cocaine, interferon, and TLC. The only ailment chicken soup
can't cure is neurotic dependence on one's mother.
-- Arthur Naiman, "Every Goy's Guide to Yiddish"
Monday Jan 16, 2006