  1. #1
    Just Joined!
    Join Date
    Oct 2006
    Posts
    23

    Linux sharing and authentication


    Hi there,

    I have finally managed to successfully set up Samba, on a FC5 box, as a PDC together with login script and drive mappings (file sharing).

    As I am trying to get away from Windows (all this terrible news about Win Vista...) I would like to learn how to provide the same solution for Linux.

    I am going to change my clients to Linux, one by one, and would like them to use a centralized authentication method, maybe via Samba or any other Linux-only solution running on the same box as Samba.
    Unfortunately I am not sure what I need to search for? Here are my questions a bit more specific:

    1. Which system to use for centralized Linux authentication?
    2. How to mount shares provided on a Linux server?
    3. How to specifically use the home share on the Linux server?

    I learned that NIS and NFS are not the right way as they are a security issue and not easy to maintain in regards to UID, etc. Or?!

    Information about what I need to search for is highly appreciated.
    Any links to tutorials are welcome.

    Thanks
    ... LuckyMe

  2. #2
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,844
    If you're not going to be using Windows, then Samba really isn't needed.

    There are a number of methods you can use to set up centralised authentication for a Linux-only network, actually the easiest is NIS/NFS.

    The way this works is that you install your main server first, and set up everyone's accounts on it, including passwords. Export the /home partition using nfs (declared in /etc/exports), make sure you have the ypserv package on your system, and follow simple YP/NIS instructions to build the database (usually as simple as going into /var/yp and doing a 'make' as root). Do make sure your ypserv service is running before you do this. The only fly in the ointment is that you have to repeat this build step if you add any users or change any groups, but it's not a big deal.

    Provided you have set the server up first (with at least one regular user account) you can install the workstations, and point them at your NIS server. Don't forget to import the /home directory from the server, and use the same NIS/YPDOMAINNAME that you used on the server, and it should just work. Don't forget to declare your /home share in /etc/fstab from the server, and make sure it's mounted automatically at boot time.

    As a more advanced approach, you can use systems like Kerberos or Radius to do authentication. Personally, I use an LDAP server - which is a piece of cake with Fedora Directory Server (on any distro, too - not just FC). Using this approach still means you use NFS to share the /home directory with other Linux machines across the LAN.

    You don't really need to worry about the insecurities of NIS if you're doing all this behind some kind of firewall. For home use, security of that nature isn't an issue; all you really want to do is to make sure people can access their own files, and make it difficult for the kids to read grown up stuff like letters to the bank manager, or your financial spreadsheets.

    If you're not planning to ditch Windows just yet across the entire LAN, you can set up Samba to use an LDAP server to authenticate a Windows domain. Now that's pretty cool, but is a couple of orders of magnitude more complex than NIS, and is probably not worth the effort if you're no longer to be using Microsoft's OS. LDAP will let you serve both the Windows domain and the Linux shared authentication from the same set of accounts. Oh, and Linux will still use NFS to share /home...
    Linux user #126863 - see http://linuxcounter.net/
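
Added example, not part of any post in this thread: a small audit of `/etc/exports` entries such as the `/home` export described above. With the default `sec=sys` flavor the NFS server trusts the UID the client sends, which is the UID concern raised in the first post; Kerberos (`sec=krb5*`) is the alternative named above. The sample entries, host names and finding labels are constructed for illustration.

```python
import re

# Constructed sample in exports(5) syntax; hosts and networks are made up.
SAMPLE_EXPORTS = """\
# home directories for the LAN
/home      192.168.1.0/24(rw,sync)
/srv/apps  *(ro,sync)
/srv/adm   admin-ws(rw,no_root_squash,sync)
/srv/krb   192.168.1.0/24(rw,sync,sec=krb5p)
"""

CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries.
    Assumes export paths contain no spaces (quoted paths are not handled)."""
    findings = []
    # Join backslash-continued lines, then strip comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        defaults = set()
        for spec in clients or [""]:
            if spec.startswith("-"):          # "-opt,opt": defaults for later clients
                defaults = set(spec[1:].split(","))
                continue
            m = CLIENT_RE.match(spec)
            if not m:
                findings.append((path, spec, "unparsable"))
                continue
            # "host (rw)" with a stray space parses as host + "(rw)" for everyone.
            host = m.group(1) or "*"
            opts = defaults | set(filter(None, (m.group(2) or "").split(",")))
            if "*" in host or "?" in host:
                findings.append((path, host, "any-host"))
            if "no_root_squash" in opts:      # client root stays uid 0 on the server
                findings.append((path, host, "no_root_squash"))
            if "insecure" in opts:            # requests from unprivileged ports accepted
                findings.append((path, host, "insecure-port"))
            flavors = [f for o in opts if o.startswith("sec=")
                       for f in o[4:].split(":")]
            if not flavors or "sys" in flavors:
                findings.append((path, host, "auth_sys"))  # client-supplied UIDs trusted
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:10} {client:18} {finding}")
```

On a real server, pass the contents of `/etc/exports` to `audit_exports()` instead of the sample string.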

  3. #3
    Just Joined!
    Join Date
    Oct 2006
    Posts
    23
    Hi again Roxoff,

    thanks a lot for the information!

    As I am not sure that I will be able to ditch my Windows environment completely. As I am gaming a lot and I am not sure if all the games will actually run with Wine (that is my next project) I assume that I will have to keep one or two machines running Windows. Therefore I will keep my Samba installation and change the backend to OpenLDAP.

    Are there any hints or specialities that I need to be aware of for the LDAP installation?

    And how do I do the authentication of my Linux clients towards LDAP? Is it built in?

    Thanks
    ... LuckyMe

  4. #4
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,844
    I didn't use OpenLDAP, I used Fedora Directory Server, the java front end makes it significantly easier to manage.

    I don't know if you'll suffer any unique problems in the LDAP install - I found OpenLDAP particularly complicated, so I dropped the whole thing and found an alternative.

    If you want to change the authentication system use 'authconfig' from the root command prompt.
    Linux user #126863 - see http://linuxcounter.net/

  5. #5
    Just Joined!
    Join Date
    Oct 2006
    Posts
    23
    Cheers Roxoff,

    I have installed Fedora Directory last night and just accessed the web front end. Have not used it yet. Thanks a lot.

    Also for the command to change the way of authentication.

    How can I achieve a "login script"?

    Cheers
    ... LuckyMe

  6. #6
    Just Joined!
    Join Date
    Oct 2006
    Posts
    23
    Okay, I found out that a centralized "login script" is kind of an issue on Linux. It is far from easy to implement.
    I found the following Tutorial and wonder what the pros and cons of it are:
    http://www.novell.com/coolsolutions/appnote/14832.html

    Maybe you could have a look at it and let me know what the obstacles with it are? For example can this be achieved (with adjustments of course) on Fedora Core 5 / 6 and on Gnome, rather than KDE?

    Cheers
    ... LuckyMe

  7. #7
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,844
    I've not read through that document in detail, but I've had a skim through (and I can dig out the detail if I need to).

    What is it that you hope to achieve with your centralised logon script? I ask that because the way Windows does what it does (i.e. mounts up shares, etc. from such a script) Linux can be made to do in other ways.

    For example, the Windows network paradigm is that files are generally held locally, and that server space is where you can install shared apps from, or where you can archive off your work to keep it safe, that kind of thing.

    Linux is not the same and it can take some people a little while to get their head round. If you want to archive your documents, then what do you need to mount a network drive for at all - use CVS or a similar revision control system and check them in/out from your local drive. If you want a shared directory with apps you can run (yes, run, not install) then set them up on an NFS drive from the server - provided your account information is shared (with LDAP or even NIS) then it'll all function just as it would with local drives.

    You see, what corporate organisers of software systems don't realise is that it's not a centralised logon script that they want - it's shared access to resources, and just because Windows has to rely on a post-login script (slowing down the login process, btw) to provide this, it doesn't mean that it has to be done that way on every operating system. There are better alternatives.
    Linux user #126863 - see http://linuxcounter.net/

  8. #8
    Just Joined!
    Join Date
    Oct 2006
    Posts
    23
    Hej Roxoff,

    okay, let me explain my target:

    I am trying to set up a central resource that can share all sorts of data (maybe apps at a later stage).
    This data shall be accessible by Windows clients and Linux clients. I am trying to change all the Windows clients that exist at all my friends' places to Linux. (Sooner or later I will be able to convince them.)

    People shall have it as easy as possible to access the data on the central server in order to copy all their sensible data on to it for backup reasons and for sharing it with their friends and family which are also part of this upcoming OpenVPN solution.

    Basically I want a central place holding all information (including home folders) so that people can access all data from any workstation.

    You see, what corporate organisers of software systems don't realise is that it's not a centralised logon script that they want - it's shared access to resources
    You mention a shared access to resources. Sounds exactly like what I want. However how do people connect to that share? The share needs to be mounted, or? And I don't want them to do that mounting manually.

    Please advise...

    Thanks
    ... LuckyMe

  9. #9
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,844
    It happens all too often in the business world, the "powers that be" in a company think the 'normal' approach will fit their needs - what they failed to understand is that they don't really understand what their need is. You have to decide what you actually want to do, then do that, rather than just fit some standard computer method that worked for someone else a while ago.

    The way to do what you want is to have your server sort out what can and can't be accessed - and let the clients connect as needed.

    For Windows, you can use Samba to share everyone's home directory, this'll provide a central store where people can put their files if they want.

    You can mount the same home directories on the Linux machines using NFS - either on a user-by-user basis or just mount the whole of /home from the server. As long as you supply user and group information from a centralised point (usually NIS, but you can use LDAP and one or two others) then you won't have any problems.
    Linux user #126863 - see http://linuxcounter.net/

  10. #10
    Just Joined!
    Join Date
    Oct 2006
    Posts
    23
    Hej Roxoff,

    thanks a lot for your input. I like discussions like this where it is not only about technical solutions but also about strategical decisions.
    However, I think I know what I want... and it is as you said a central storage area.

    In the last chapter you wrote the following:
    Quote Originally Posted by Roxoff
    You can mount the same home directories on the Linux machines using NFS - either on a user-by-user basis or just mount the whole of /home from the server. As long as you supply user and group information from a centralised point (usually NIS, but you can use LDAP and one or two others) then you won't have any problems.
    Now the question is how can these home folders and other group shares be mounted automatically so that a user does not need to bother about the mounting and can just access the data. And me as an administrator I don't want to modify each machine manually. There must be an easier way of achieving this.

    Thanks
    ... LuckyMe
