
#1 2005-07-24 00:38:08

alexmat
Member
Registered: 2004-12-31
Posts: 100

small office centralized management (nfs, ldap, etc)

I've set up a small group of workstations and a server running various flavors of linux in our office. The server and a few of the workstations are arch boxes. What I want to do is set up some sort of nfs/ldap management system on the server to centralize logins and user home directories so we can all log in to any of the workstations easily and have our home files and settings on all the different machines.

I've done a bit of reading (http://solarblue.net/docs/ldap.htm) and messing around with nfs and ldap, but can't seem to make them work quite right. Has anybody set this up using arch that would be willing to share what they did or point me to a good doc (all the ones I've read so far are for redhat and tough to apply to an arch install)?

Thanks,
Alex


#2 2005-07-24 10:16:54

Michel
Member
From: Belgium
Registered: 2004-07-31
Posts: 286

Re: small office centralized management (nfs, ldap, etc)

Heya,

there is an article in the Linux Journal 2005-issue about this: ldap for authentication (integrated with windows domains using samba) and ldap is also used for mounting directories on client-machines and email-directory. There is also file-sharing for everyone. I think that you need some background in ldap to get it, but you should read it for yourself if interested ...

Of course, they may not sell them anymore ...

However, there is an article for 2002, which doesn't handle all the above things I think. It only handles login and mounting home-directories:

Follow the first resource-link on the Resources for "OpenLDAP Everywhere Revisited"-page. This is the link to the older article.

Hope it helps,

Michel


#3 2005-07-24 11:03:41

ghostwalker
Member
From: Tacoma, WA
Registered: 2004-07-28
Posts: 140

Re: small office centralized management (nfs, ldap, etc)

I found this? http://nodedirector.bigsister.ch/ It is web based. It may work for you.


P4 2.8Ghz @ 2.8Ghz SL6WT
Zalman CNPS7000-Cu
865PE Neo-2 LS BIOs 2.4
512mb Mushkin Level II
160GB Maxtor HD
Geforce 4 440MX
Antec 3700 1 exhaust and 1 intake fans
Linux 2.6.x
Linux user 314187
ArchLinux


#4 2005-07-26 01:28:21

alexmat
Member
Registered: 2004-12-31
Posts: 100

Re: small office centralized management (nfs, ldap, etc)

Thanks for the tips! I checked out the links. I found this to be most helpful:
http://www.tldp.org/HOWTO/LDAP-Implemen … index.html

At this point I've got openldap running on the server and am using phpldapadmin (http://phpldapadmin.sourceforge.net/) for modifying ldap entries. Then I ran ldapsearch and everything shows up fine (after I added "slapd: ALL" to my hosts.allow).

The part I'm getting stuck on is what to do on the client side. I understand from the docs that I need the nss_ldap and pam_ldap packages (both available for arch), but the instructions on what to do afterwards are hazy. I did edit the nss_ldap.conf and nsswitch.conf files to add ldap settings, but the test user is still unable to log in. Any ideas?


#5 2005-07-27 02:00:25

alexmat
Member
Registered: 2004-12-31
Posts: 100

Re: small office centralized management (nfs, ldap, etc)

I think I have the client part figured out now. The basic outline of steps is:

1.) pacman -Sy nss_ldap pam_ldap

2.) edit /etc/nss_ldap.conf

3.) edit /etc/nss_pam.conf

4.) add /etc/ldap.secret (with plaintext rootdn password and a blank line at the end, chmod it 600)

5.) edit /etc/pam.d/*   (caution!!! you can kill your login here)
  -This part is still a little confusing to me because most of the docs about it are for debian or redhat. Redhat has a neat little utility called authconfig that takes care of everything and debian has everything split over 4 files (as opposed to arch having a ton). I have a working config after browsing forums all day, but I don't feel too confident about it.

6.) edit /etc/nscd

7.) /etc/rc.d/nscd start <-- This is very broken on arch, check this topic: http://bbs.archlinux.org/viewtopic.php? … light=nscd

That's it :) I'll try to do a nicer write-up about it in the next day or two including how I set up the server. I still don't have ssl enabled though, so I'm going to wait until I figure that part out.
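
A check for the client-side steps outlined in the post above, as an added example that is not part of the original post: it confirms that nsswitch consults ldap, that the secret file is mode 600, and that the LDAP connection is encrypted. The file paths, the `ldap.example.lan` host and the sample contents are constructed; `uri` and `ssl` are directive names from the PADL nss_ldap/pam_ldap configuration format, which these packages are assumed to read.

```shell
#!/bin/sh
# Added example (not from the thread): audit an LDAP login client.

# True when $1 is a regular file with permission bits exactly rw------- (step 4).
secret_mode_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# True when database $2 (passwd, group) in nsswitch file $1 lists "ldap".
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# True when config $1 encrypts the connection: "ssl start_tls", "ssl on",
# or every uri being ldaps://. Directive names are PADL nss_ldap/pam_ldap's.
transport_encrypted() {
    awk '
        { sub(/#.*/, "") }
        tolower($1) == "uri" { for (i = 2; i <= NF; i++) if ($i ~ /^ldaps:/) tls++; else plain++ }
        tolower($1) == "ssl" && tolower($2) ~ /^(start_tls|on)$/ { ssl = 1 }
        END { exit !(ssl || (tls && !plain)) }' "$1"
}

# Runs every check; prints findings and returns the number of failures.
audit_client() {   # $1 = nsswitch.conf  $2 = nss_ldap.conf  $3 = ldap.secret
    fails=0
    for db in passwd group; do
        nss_uses_ldap "$1" "$db" || { echo "FAIL: $db does not consult ldap"; fails=$((fails + 1)); }
    done
    transport_encrypted "$2" || { echo "FAIL: LDAP traffic is cleartext"; fails=$((fails + 1)); }
    secret_mode_ok "$3" || { echo "FAIL: $3 is not mode 600"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files: NSS wired up, no TLS yet, secret left world-readable.
make_sample() {
    printf 'passwd: files ldap\ngroup: files ldap # added\n' > "$1/nsswitch.conf"
    printf 'uri ldap://ldap.example.lan/\nbase dc=example,dc=lan\n' > "$1/nss_ldap.conf"
    printf 'constructed-password\n\n' > "$1/ldap.secret"
    chmod 644 "$1/ldap.secret"
}

d=$(mktemp -d) && make_sample "$d"
audit_client "$d/nsswitch.conf" "$d/nss_ldap.conf" "$d/ldap.secret" || echo "failed checks: $?"
rm -rf "$d"
```

On a real client, pass the files from steps 2 to 4, for example `audit_client /etc/nsswitch.conf /etc/nss_ldap.conf /etc/ldap.secret`.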


#6 2005-07-27 03:00:50

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: small office centralized management (nfs, ldap, etc)

ssl isn't too hard; you just have to make sure your cert common name is the same as the hostname for the server. the ldap clients are very picky about that.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍


#7 2006-06-12 19:23:23

marcob
Member
From: B-town USA
Registered: 2004-11-10
Posts: 38
Website

Re: small office centralized management (nfs, ldap, etc)

alexmat wrote:

I think I have the client part figured out now. The basic outline of steps is:

5.) edit /etc/pam.d/*   (caution!!! you can kill your login here)
  -This part is still a little confusing to me because most of the docs about it are for debian or redhat. Redhat has a neat little utility called authconfig that takes care of everything and debian has everything split over 4 files (as opposed to arch having a ton). I have a working config after browsing forums all day, but I don't feel too confident about it.

alexmat, did you get any further on this, or find any other documentation? This is about where I'm stuck too, but I'm also throwing Samba into the mix.


#8 2006-06-14 15:11:16

marcob
Member
From: B-town USA
Registered: 2004-11-10
Posts: 38
Website

Re: small office centralized management (nfs, ldap, etc)

alexmat wrote:

I think I have the client part figured out now. The basic outline of steps is:

5.) edit /etc/pam.d/*   (caution!!! you can kill your login here)
  -This part is still a little confusing to me because most of the docs about it are for debian or redhat. Redhat has a neat little utility called authconfig that takes care of everything and debian has everything split over 4 files (as opposed to arch having a ton). I have a working config after browsing forums all day, but I don't feel too confident about it.

OK, I'm actually starting to figure this out, will post here when I'm done.

