Fedora :: LDAP - Centralize Login And Passwords For All Home Computers
Jan 25, 2010
While I've been using Linux for a little while now, I have only recently been getting into setting up and using a server at home (in part because until recently I only had ONE computer at home). I have heard of LDAP and OpenLDAP, but I am not sure if this is the best tool to do the following. Centralize logins and passwords for all of the computers at home, so I only have to change/manage one place. Since I keep installing Linux Distros it would be nice if I didn't have to add each person, individually each time.
Provide single sign-on authentication for the user so when they go to the Samba server they don't have to do another login, but they are limited in what they can see. Basically I don't want the kids being able to see *MY* files
- Works with Linux (various) and Windows (Windows 7 more than XP)
- Works with desktop and laptop
- Be able to, possibly, pass this authentication to the web server so likewise do not need to log into the web server after logging into the computer.
- (optional) be able to set up a script to run automatically to either map network drives or mount samba directories based on the user being logged in (smb://user/<username>) and/or backup the system.
I say optional because if it can that is great, but if it cannot then it isn't a show-stopper. Like I said, I am very new to servers and networking and do not know where to start regarding this. Right now I have a basic (too open) file server and a web server just beginning to be developed (working on Drupal). Not only do I need to figure out what/where to research about the server settings but also setting up the client-side of things.
View 3 Replies
ADVERTISEMENT
May 12, 2011
I'm planning to centralize users and passwords and also create controls for user access to some equipment, for example, Linux Servers, Switches, routers and firewalls. In case of failure of the link between the ACS and AD or equipment to the ACS, this device would use local username and password.
At the moment, my AD structure is a Microsoft, Cisco ACS servers and Linux Standalone. I wish that both linuxs servers and network equipment were authorized by Cisco ACS on the accounts that are in Microsoft AD.
The configuration of the Cisco ACS to use the AD is done and no problems, the network equipment is OK too, but am having difficulties configuring the server for this solution.
View 1 Replies
View Related
May 15, 2011
I have more than 150 Linux desktop computer in my office IT setup.
I want to configure LDAP centralize network authentication for all the desktop computer.
My requirement is below mentioned.
The LDAP server will only authenticate the desktop computer at the log-in time when the user start computer.
The home directory of all the user should be create in their desktop local computer not in the LDAP server.
And flexibility of user log-in for every desktop. (any user can log-in any computer with his/her username and password)and the home directory will create automatically in the local desktop computer automatically the moment any user will log-in to any computer in the network and the LDAP server will authenticate for desktop-network log-in in to the computer.
View 1 Replies
View Related
May 26, 2010
I noticed in Fedora that in Authenticate Configs ->Advanced, that there is an option to "Create home directories on the first login".I'd like to know if its possible to enable that through a text config file on a CentOS box that has ldap authentication enabled. Right now it's complaining that the home folder does not exist upon loggin with an ldap account.
View 1 Replies
View Related
Oct 1, 2010
I'm trying to write a mass reboot script in the event of a power outage (servers go to UPS for some 15 minutes or so and shutdown uncleanly). What I have is a set of 6 common passwords which will be prompted for per ssh connection, is there any way I can cycle through this password list
Code:
#below is an example of how this is constructed, IP's are used instead of hostnames due to the possibility of a DNS server being offline.
SERVERSRM1="1 2 3"
SERVERSRM2="110 120 130"
For i in $SERVERSRM1; do ssh -n root@192.168.0.$i "hostname && shutdown -y -i5 -g0"; done;'
for i in $SERVERSRM2; do ssh -n root@192.168.0.$i "hostname && shutdown -y -i5 -g0"; done;'
Each time the code is executed I'm prompted for a password (it's always one of 6 passwords). It would be quicker to have the passwords be cycled through.
I realise this is basic code at the moment but it will eventually allow for a specific set of computers to be shut down based on what power supply they're using. Authorized keys not really an option given the scale of computers (some 300 or so).
View 10 Replies
View Related
Oct 26, 2009
I'd like to allow my laptop to be disconnected from the network and login with a user stored on LDAP. I know nscd can cache usernames and groups but not shadows, but is there a solution that will cache passwords?
View 1 Replies
View Related
Sep 8, 2009
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
View 1 Replies
View Related
May 20, 2010
I recently set up a ldap server for user authentication and I want to be able to configure the passwd utlity to automatically update the password for the local account AND on the ldap server. How would I go about this?
View 7 Replies
View Related
Aug 9, 2010
why i can't login on the ldap-client via ldap, so here is a short description of my machines (i use openvz virtualising)I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24)The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured, that i can manage the server via phpldapadmin.The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client, there should run a sftp-server in the future and the sftp-server(ssh-server) should use ldap-usernames to login. on the ftp1, i get with this command getent passwd the users configured on the ldap-server, but with the command id USERNAME the result is, that the user doesn't exist. (USERNAME is this name, i get returned by getent) and if i try to login via ssh, i get permission denied. and because the machines are openvz-virtual-machines, so i can't login on them like on a normal system, but a su USERNAME doesn't work too, because the user is not known on the system.
my installation:
i don't think, that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, i can post the config here too. the VE ftp1 was configured with the following how-to: [URL] and pam is configured like in the chapter "PAM setup with pam_ldap" on [URL]
View 3 Replies
View Related
Aug 6, 2011
I am trying to make my home server accessible to the whole web. I have installed Nginx on my Fedora 15 64-bit Linux machine, and it works with localhost but it doesn't work online or allow other computers on the network to access it via the IP address. It keeps coming back with: Could not connect
I have port forwarding. I have even tried different ports but they all seem to be blocked. What could be wrong? I have a netgear router.
View 4 Replies
View Related
May 24, 2011
I need to specify a different path to home directories on a particular server than what LDAP contains for the users, besides using a symlink. E.g. "/Users/jdoe" vs "/home/jdoe" I don't want to change the actual LDAP attributes, just want a particular server to point them in the right direction (Ubuntu 10.04).
I'm assuming it's something I could probably set in pam configurations?
View 1 Replies
View Related
Nov 18, 2009
I am looking for ideas for getting windows users into an ldap server. I am currently running a Linux server for my department and need to create an LDAP server which mirrors the username/password information for all of us as they are stored in the windows server here. I have the openldap server up and running on Ubuntu 8.04 and it works great; I now need to find some way to import user info into this from windows. I've seen discussions of using ldifde.exe to export the AD users into an ldif file. Is this the simplest way to go about it?
Our Linux server is currently providing us with much needed services using apache, and apache is authenticating using LDAP to our windows server (Using our windows username / password is required functionality). This windows server has some problem which causes it to delay for inordinate amounts of time between authentication requests and responses. The situation is such that this problem will not be addressed by IT staff. However, I have control over the Linux server so I am looking to just mirror the windows server on an LDAP server of my own. I could get away with updating the passwords in the Linux server.
View 1 Replies
View Related
Jul 1, 2010
I have LDAP server, it is configured and all is very well, I use it to make some authentication for our Servers and routers. Also I integrates LDAP with Radius and all is work, so LDAP is powerful to the company. Last week my manager ask me to try making these authentication for all of Company computers which is windows. So, can I use LDAP, or Active Directory? I wish to use LDAP.
View 7 Replies
View Related
Aug 16, 2010
I'm trying to set up a centralized log-on scheme in a research lab with about 10 computers. It's looking like we're going with LDAP - this decision may be out of my control (but if there's an alternative that would be REALLY better, do let me know). My question is we don't really have a domain name, so when all the tutorials say cn=example,cn=com, I can't mimic this exactly. I've been trying to get away with just one, like cn=researchlab. Will LDAP work with just one, or do I need to invent a second also? On the flipside, will it work with more? Our server can be reached by
lab.department.school.edu, could I do cn=lab,cn=department,cn=school,cn=edu?
View 3 Replies
View Related
Jul 4, 2010
Where is the login password stored in Ubuntu? What is that file? Can I open that file?
View 6 Replies
View Related
Feb 25, 2010
all the sudden i have to start typing in the nm keyring password and subsequently all my website logins
View 1 Replies
View Related
Apr 25, 2010
Is it possible to have multiple passwords on the same account, where one password allows only normal login and another only when accessing the machine remotely (for example, via ssh)?
View 6 Replies
View Related
Feb 6, 2010
i was wondering if there was a way to sync two computers so that all the data in the /home directory was exactly the same on both, and it was done automatically as soon as theyre both turned on and connected to the same network?
i have a laptop and a desktop that i want to basically mirror each other.
i take my laptop everywhere, so i want to be able to do work on it, take it home, turn on my desktop and as soon as my laptop is connected to the network, it'll automatically sync the files to the desktop.
i want the reverse to also occur - meaning i do some work on the desktop and have it automatically sync up to my laptop while im working on the desktop if the laptop is on at the same time, or as soon as i turn the laptop on.
i had rsync set up before, but i had to initiate it manually, and i was never sure if it was overwriting files or appending.
View 6 Replies
View Related
Apr 17, 2010
I am interested and looking forward to get a smartphone or a personal data assistant with calendar/ email/ contacts just like the iphone does.My intention is to be able to sync my smartphone's data with my home server that actually carries my PIM applications. Basically, during the day when I am not home I will modify or add/remove data from the phone. When I arrive home I would like to be able to sync my changes to my server. My laptop will be reconfigured to retrieve and sync from that server.
Proudly running with Slackware on ALL my machines (gotta love Slack!), and Apple being **** by not supporting open source and linux environment, it seems that it will be difficult to have something working out of the box and will probably require jail-breaking the device, etc.. I don't want to rely on external services such as Google calendar except for the email from Gmail.
View 1 Replies
View Related
Sep 14, 2010
I am trying to set up virtual users with vsftpd but I can not login to the ftp server using the usernames and passwords created in the password file.
View 1 Replies
View Related
Jun 11, 2010
How to make a Server of LOGIN / PASSWORDS for flexible linux machines? Samba config files for the server and the client. The clients, if no network, shall use the /etc/shadow.
View 10 Replies
View Related
Jun 5, 2011
In the past I found some great help on this forum, so here goes. Bare with me because it's a long story. I'll try to be as complete as possible. I've installed and configured OpenLdap on a virtual machine with ip 192.168.39.134. I've added 2 users via LAM. In the ou WikiUsers and the domain is wiki.local.
I've then created another host with ip 192.168.39.133 with mediawiki installed on it. Then I added the extension LDAPAuthenthication. In the LdapAuthentication file I added this code (only the last paragraph is mine, I added the others to show it's location in the script):
Quote:
$path = array( $IP, "$IP/includes", "$IP/languages" );
set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path() );
[code]...
I know I'm close because I can't register any new users or accounts on the mediawiki site. Although I could before I added the LDAP service. This is indeed all just to test and get to know how LDAP works. That's why it's all virtual in VMWare. I did not really configure anything on the LDAP, i just installed it and chose a domain (wiki.local).
View 5 Replies
View Related
Feb 12, 2010
I was wondering if anyone could point me in the direction of any howtos around this. I have 3 computers:
Desktop - Dendrite - Ubuntu 9.10
Laptop - Axon - Ubuntu 9.10
Netbook - Synapse - Eeebuntu 9.10
All with their own home drives. My media (music, films, photos etc) is kept on a separate (Vista) partition on my Desktop with symlinks from my home directory on Dendrite. Ideally, I'd have the /home directory synced across all 3 computers. I had been toying with the idea of a networked /home kept on an external HD plugged into synapse, but not sure how this would work out with Axon out of the reach of the network. I have dyndns set up and can access the home network over ssh, but obviously that's impractical (I assume) for a home drive.
Thoughts? Ideas? Pointers? I'm comfortable playing around with fstab, nfs and the terminal, but still very much a beginner.
View 6 Replies
View Related
Apr 16, 2010
Just installed 10.04 LTS beta on 3 computers in home. At first, two of them showed up under the network window using places. The third never did and would not find the shared printer. After all rebooted, none show up. All three can access the internet and can display a valid internal network ip address using ifconfig.
View 1 Replies
View Related
Sep 27, 2010
Im wondering about proxy servers, see it is like this: I got banned from a samp server and i can't get my ip changed (it's not the local address it's the one all the computers in my house shares) I searched a little bit and discovered that a proxy server would be the best option. If I have it in some one else house I will get another ip right? Is it possible to install some software on my laptop and just use that? and how do I do that? Btw I found this: [URL]. But I didn't understand so much of it.
View 4 Replies
View Related
Oct 2, 2010
Trying to find out how to share files between two computers on my Home Network.Tried VPN but not sure how to configure. I am using Linux Mint 9.
View 3 Replies
View Related
Oct 26, 2009
I've made a LAMP install and used it as a test server connected to my Mac. Good. I managed to get Dreamweaver to work with the server and had access to the home folder from my Mac. The bad part is when I was setting up the permissions for my Mac to connect, I gave it too many rights and set /etc/exports with "no_root_squash" option. This allowed me to change permissions in my home folder from the Mac! That was really cool. The trouble started when I tried to get too clever about managing my F11 test server.
The permission change on the F11 box from the Mac created a new user 501. All the home files had this new user, 501, and a new group 501. I manually edited the /etc/passwd file giving this new PID a meaningful name, rXtian, and set its group to Xtian from the original user. Just to make myself feel really clever, I read in my "F11 Bible" that a "portable desktop" would make it easier to manage log in from different machines. I created a new home directory and CP'n the content from:
/home/Xtian
to
/home/xtiansimonsibm/Xtian (with -rw-r--r-- rXtian Xtian)
What I mean to say is I deleted the old /home/Xtian directory for reasons I do not know. Thats when all the trouble started. I can't login to either user, rXtian or Xtian. I can only get on as root. I tried to start over by creating a third user with ADDUSER including the base set of user files. I renamed home/xtiansimonsibm/rXtian. I can't log in to either. I used PASSWD command changing Xtian and rXtian's loginpass, but neither password has taken. I still have the test server working, but I can't login to the home folder anymore. What can I do? Any tutorial or checklist for repairinig the user permissions, passwords?
View 2 Replies
View Related
Jan 24, 2010
How to change both the login/sudo and default-keyring passwords with one operation? If I recall correctly, to change one'slogin and sudo password, one must use `passwd` or System>Preferences>About Me>Change Passworddefault-keyring password, one must goto Accessories>Passwords and Encryption Keys>Passwords, rclick on keyring>Change PasswordIs there a way to do both with one operation? preferably from commandline? preferably in karmic?
View 2 Replies
View Related
Mar 26, 2010
I have a debian home server right now, I'm using samba for my file server but I was wanting to stream my movies and music to my other computers. My family (the other users on the network) are NOT computer savvy, and to top it off they are using both Windows (xp) and Mac (Snow Leopard) machines. So I'm looking for software that is simple to use that will allow other operating systems to use it. I would think the easiest way would be to stream the music/movies through a home website. I have seen quite a few programs out there that stream music, but none for movies.
View 3 Replies
View Related
Mar 17, 2009
On our network, we authenticate our users via LDAP and use autofs to mount their home directories. This works fine in Fedora 8. However, in Fedora 10, when the user logs in, it also mounts the home folders of the users that previously logged onto the system as well. This is what I see when I login as "user1" on Fedora 10
[Code]...
View 2 Replies
View Related
