Scott Ackerman wrote: > Thanks Nathan, but where did I miss that in the how-to? > It appears to be missing from the how-to (some of the how-to's do make reference to nss_ldap being required though). > Nathan Kinder wrote: > >> lists at scott-ackerman.com wrote: >> >>> I thought I was smart until I dove into LDAP. I am the sole part-time IT >>> Manager for a charter school (240 students, 20 staff, 60 computers) and >>> am migrating away from a Windows server environment to Linux. The only >>> services that are being provided by a Windows server now are AD, file >>> and print sharing services. Since we are turning about 15 of our student >>> computers into Linux stations, I decided on a "simpler" method of >>> managing authentication, login etc. and chose Fedora Directory Server >>> (after having beat my head against the wall with strictly OpenLDAP for a >>> month). I have successfully set up FDS and entered all students and >>> staff. I have decided not to sync against our AD server because we are >>> changing the student login method, the old format was locker number for >>> user name and then a password. I have decided to use the first.last name >>> for user name and then a password. >>> >>> I am trying to set up posix authentication and Samba and am having >>> difficulties with both, technical on the former and understanding on the >>> latter. First posix, I have followed the how to on the FDS Wiki, but >>> there seems to be some steps missing. I have gotten an authenticated >>> student logon, but only after having created an account on the local >>> machine with the same UID. I made sure that the password was different >>> in FDS than when I created the user on the local machine and I am able >>> to login to using either password which would indicate to me that I am >>> successfully authenticating to FDS. However I don't particularly care to >>> have to add 240 students on all 15 computers to make this work, not to >>> mention all of the "home" directories that will be mounted from the NFS >>> server. So the questions is, what steps am I missing here? >>> >>> >> It sounds like you need to configure nss_ldap. Assuming you have >> nss_ldap installed on your client systems, you should be able to add >> "ldap" as a service for looking up users and groups in your >> /etc/nsswitch.conf file. >> >> -NGK >> >>> Samba. As I understand it, Windows will only authenticate against an NT >>> or "NT like (aka. Samba)" server, which means as far as I can tell that >>> either I have Samba sync against FDS or I use pGina on the Windows side >>> to authenticate directly against LDAP or scrap LDAP all together and >>> just use an NIS server (don't think this is a good idea, but it is a >>> possiblity). Of course trying to assess the pros and cons of either has >>> been somewhat difficult at best. Also the FDS Samba how-to doesn't cover >>> computer management which Samba is going to have to deal with as well. >>> >>> Before someone replies with a "RTFM", I have read the Install Guide as >>> well as the Red Hat Directory Server documentation and I am currently >>> half-way through the book "Understanding and Deploying LDAP Directory >>> Services", so I have a reasonable understanding of how to get into >>> trouble. Of course none of these provide in-depth (nor should they) >>> information as to how to integrate with other services. I have spent a >>> month reading, tinkering etc., and I am not asking anyone else to do my >>> work for me, but I have seem to hit a wall and need a couple of >>> "breadcrumbs" to get me back on the trail. Thank you for your patience >>> and understanding. >>> >>> >>> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070209/d31b65cc/attachment.bin
