[mdlug] Need advice on network authentication design

Robert Adkins radkins at impelind.com
Tue Dec 11 08:23:21 EST 2007



 	
> -----Original Message-----
> From: mdlug-bounces at mdlug.org 
> [mailto:mdlug-bounces at mdlug.org] On Behalf Of Jeff Hanson
> Sent: Monday, December 10, 2007 9:54 PM
> To: MDLUG's Main discussion list
> Subject: Re: [mdlug] Need advice on network authentication design
> 
> Sorry about the late reply, I had a hardware failure.  You 
> can read about it here:
> http://jhansonxi.blogspot.com/2007/12/keyboard-led-flashing-panic.html
> 
> On Dec 10, 2007 9:03 AM, Joseph C. Bender 
> <jcbender at bendorius.com> wrote:
> > Though, because I'm curious, why do you need a directory service?
> 
> First, I want to learn how to do centralized authentication 
> and user account control properly on Linux.  I would like to 
> get a feel for it and what its limitations are as compared 
> to M$AD so I can plan deployments in small businesses and 
> multi-system home networks.
> Second, I want to eliminate having to manually change 
> passwords and keep UIDs and GIDs in sync on different systems 
> and be able to easily administer it remotely.
> 

	I have found the O'Reilly books covering Administration topics to be
extremely excellent, and if you want to learn OpenLDAP, I am planning on
picking up this book http://www.oreilly.com/catalog/ldapsa/index.html over
the holidays and getting started with that.

	I'm running two servers and have Samba acting as a Primary Domain
Controller on one of the servers, which means I need to sync up three
different sets of uid/password files. I'd rather do some more work up front
and then only need to worry about creating a user account once and then add
that user to various groups he/she needs access to.

 	Unsure if NIS would do the trick as I've had more pressing matters
to attend to, which is also why I am considering picking up this book as
well: http://www.oreilly.com/catalog/nfs2/index.html

	Anyway, Windows workstations will cache, more or less forever,
UID/Password combos after they are connected to a domain, which allows users
to still log in to their workstations if the domain controller is down or
otherwise unavailable.

	-Rob



