Ubuntu Servers :: Modern Central User Management - Automount A Secure NFS Share Somewhere In The /home Directory
Mar 14, 2010
I've set up Kerberos and OpenLDAP servers (9.10) similar to the official documentation (and other sites that fill in the "gaps"). However, when you start to get into some of the details, there seem to be many options - and I guess I'm looking for what could be the de facto standard. I'd like to allow Ubuntu clients to have an SSO capability, with the ability for local caching of passwords if not connected to the network (such as a laptop user away from the office, prior to a VPN). I'd like to automount a secure NFS share somewhere in the /home directory. If the user logs in to a computer they've not logged in to before (if they're authorized), it would be nice if a skeleton /home directory could be set up there automatically. I'm guessing that it is not desirable to use a shared /home NFS - as if you're off the network this would be problematic - as well as multiple computers sharing the same /home. There are some benefits to a shared /home (SSH certs, etc.), so maybe there is a hybrid approach out there.
I've read that it's not necessarily good practice to have OpenLDAP to do the authentication (leave this to Kerberos), but it's fine for authorization (such as ACLs for logins to certain computers). It's also good practice to use TLS with OpenLDAP (which requires public certs on all the clients) and to not allow anonymous read to the directory. I would guess that a computer host keytab could be refreshed to bind to the OpenLDAP server via GSSAPI / SASL to allow a non-anonymous read, and then determine if, say, the user was a member of a group allowed to log in. Kerberos would then pick up and authenticate the user and then proceed to the login. Off the network here, I'm not sure. I found this document, but it's self declared missing items: [URL]
I'll stop the rambling, but I cannot be the only one who would like to set up a relatively standard and secure server-based network authentication and authorization back-end. Is there any _complete_ documentation on the best practices and how to implement?
Jul 22, 2010
I am replacing a home network - Windows Server 2003 and 5 PCs (XP Pro) with UBUNTU 10.4 LTS Server and client versions. I am keeping a couple of the PCs with dual boot until I can migrate everything over (Having some issues with iTunes, Family Tree Maker, Media serving, DVD decrypt and a couple of others, but that is for another post). It was great fun getting the server up and running using only shell commands. Took me ages just to get a folder shared! Migrating the data over from NTFS to ext3 was also fun given the limited space on the partitions.
I really only want to use the server for communal network type things ... central user account maintenance, shared folders for music, video etc and data backup. I don't need it to be performing server functions on the Internet e.g. web server etc although that may come later. How do I set up central user management? All the PCs are currently set up with local user ids, and it is a bit of a pain to go round each PC every time I change something.
The server is not always up, so I need to be able to log into the local PC without it being active. I was using Active Directory on Server 2003, but I don't need anything that complex really ... just 3 or 4 users to manage. I have been looking at the setup tutorial at [URL] but am not sure how relevant a lot of it is. I have SSH set up so I can log in remotely, NFS is working to share the folders, but that is about all I have done so far.
Feb 2, 2011
I created a user but I forgot to change the home directory permission. So after the user was created, when I go to the user and group management I can't see the permission field related to the home directory permission. My purpose is to stop other users from accessing my home directory. How is this possible?
May 11, 2010
I am trying to build an FTP server with vsftpd. In general, I am not able to log in. I can only log in to the FTP server if that same user is logged in to the server. I found out that this has to do with my network setup. I am using OpenLDAP for centralized authentication and home directories are stored on an NFS server. The problem is that regular users are not allowed to log in to servers, therefore their home directories are not mounted. However, I want to be able to give my users access to the FTP server without their home directories mounted. Is this possible with vsftpd, and if so, how do I get this up and running? By the way, anonymous users are not allowed.
Feb 13, 2011
Or would this sacrifice security in some way? I've been using root only, and am ready to have a separate account now. It's the dotfiles for GUI apps that I'm concerned about:
Code:
-rw------- 1 root root 98 Feb 13 16:23 .Xauthority
-rw------- 1 root root 6392 Feb 12 18:13 .bash_history
drwx------ 5 root root 4096 Jan 13 17:47 .config
drwxr-xr-x 4 root root 4096 Dec 29 21:36 .fvwm
drwx------ 4 root root 4096 Nov 7 19:55 .mozilla
-rw------- 1 root root 218 Jan 26 10:04 .recently-used.xbel
-rw------- 1 root root 98 Feb 13 16:23 .serverauth.17096
drwxr-xr-x 2 root root 4096 Dec 25 12:42 .tuxcmd
drwxr-xr-x 2 root root 4096 Feb 12 17:25 .xine
Dec 15, 2010
I'm trying to restrict a particular ssh user to his home directory. I'm just giving him access so that he can ssh to another server that is only accessible from the former, but restrict his movement so that he can't poke around the former. I already made some changes to the sshd_config file and added the following line at the end:
Did some tests: user joe can ssh to the server but is unable to do anything aside from logging in; even a simple ls command will immediately close the PuTTY session. I know I'm still missing something but don't really know what it is. I also tried this how-to that uses rssh --> http://www.adamhawkins.net/2009/05/r...ured/#more-431 however when I log in the session immediately closes.
Sep 16, 2010
We would like to set up Lenny (Gnome) clients and need desktop management software to manage the clients from a central management system.
Sep 1, 2010
I want to create a central openSUSE repository for patch management, just like WSUS in Windows, which automatically downloads updates/patches and distributes them to the clients locally.
Jan 6, 2010
I have a secondary disk which holds a /home directory structure from a previous install of Linux. I installed a new version on a new primary drive and mounted this secondary drive as the new /home. Problem is, even though the users are the same names and I can access the home directories for the users, I cannot login directly to their home directories, as I get the following error: -
Code:
login as: [me]
[me]@[machine]'s password:
Last login: Wed Jan 6 18:34:33 2010 from [machine]
Could not chdir to home directory /home/[me]: Permission denied
[[me]@[machine] /]$
Now, since the usernames are correct and the users are in the passwd file with the correct home directory paths, could it be user ID's that are different or something else? It's not as though I cannot access the home directories for the users, simply that I cannot log directly into them from a login prompt.
Nov 22, 2010
I installed AWSTATS on my LAMP 10.04 LTS and followed several tutorials URL...) but I can't secure the folder, either by an alias or by .htaccess. I tried both methods manually and by using Webmin. If you go to the URL www.mywebsite/awstats/awstats.pl it shows up, which is good, but this is the default installation site and anyone who knows awstats could possibly see my stats. The conf folder is /etc/awstats/, and I did an alias for that, then .htaccess, but neither worked. With the .htaccess, I would get a password prompt but the full stats page was visible behind the password prompt, and if you clicked "Cancel" about 20 times or so the prompt would go away and the full stats page would be visible.
The actual file that powers awstats is in /usr/share/lib/cgi-bin/awstats.pl, and I also tried an Alias and .htaccess separately and neither worked. I restarted apache2 after each change and I've searched several forums, but I still can't figure this out.
Jun 16, 2011
Do you think there is a way of accessing different user data from another account which I have set up.
Ie. user 1 = account has messed up
user 2 = account works fine
access user account 1 home directory from user 2 work space?
Jun 26, 2011
I'm looking for opensource central management software to manage squeeze workstations.
Jul 28, 2011
I'm new to Linux and just installed Ubuntu and decided to play around with it. I just executed
Code:
useradd test
which supposedly creates a folder in the home directory '/home/test', but when I look in there I can't see it. I also did a
Code:
grep test /etc/passwd
which returns: 'test:x:1001:1001::/home/test:/bin/sh' which I believe means it is meant to exist.
Addendum: I have also now noticed that when I log in and log back in I have the option to log in as 'test' but it prompts me for a password which I did not set :s
Jun 14, 2010
I'm not sure if this is the proper section of the forum for this, but I haven't really seen anything about this particular topic. I've got Ubuntu 10.04 installed as my main OS. It's on a 25GB partition, and I have a 175GB partition that I use as my /home directory.
On the second hard disk I have a 15GB partition that I would like to install, and try out, Slackware 13.1.
Is it a bad idea to try to also use that 175GB /home partition for Slackware and Ubuntu at the same time? Can that cause incompatibility problems for me, with any shared software between the two distros, or is this something that should work ok?
May 24, 2011
I need to specify a different path to home directories on a particular server than what LDAP contains for the users, besides using a symlink. E.g. "/Users/jdoe" vs "/home/jdoe" I don't want to change the actual LDAP attributes, just want a particular server to point them in the right direction (Ubuntu 10.04).
I'm assuming it's something I could probably set in pam configurations?
Mar 8, 2010
I'm developing an application in which one user must run Java software that I'm compiling as another user. I wanted to give user A permission to see the bin directory of my workspace, which is in the home directory of user B. I was wondering how this can be done? I gave the bin directory full read/execute permissions, but since it's in my home directory user A can't navigate to it.
I know there are a few ways I could get around the problem but they aren't very elegant. I was wondering if there is a simple method for giving a user access to a specific directory without giving access to all the parent directories. I tried a symbolic link but user A still can't access it, and a hard link to a directory isn't allowed in Linux. I don't feel like making a hard link to every single file in the bin directory, and I'm not sure that would work anyway, since every recompile overwrites them.
May 12, 2011
I have RHEL 5.2 and I want to create a user using the useradd command without creating the user's home directory and without throwing any warning/error about not creating any home directory. I have tried
useradd -u "$NEW_UID" -g <gid> -d "/home/$1" -M "$1"
where $1 is the user name and $NEW_UID is something I am calculating. It throws the error
useradd: cannot create directory /home/$1
which I don't want to appear. How do I prevent this?
Feb 24, 2011
I've created a folder in /home called share. I am the owner. It has no group access. Others have full access. Is this setup safe? My current setup:
Code:
/home$ ls
eve share lost+found roy
I want eve and any future users to have full access to the folder 'share'. I am user 'Roy'.
Jul 9, 2011
I have got 11.04 installed on my Dell system. The system has got 2 hard disks; all my data is stored on the 2nd hard disk. How do I share the folder on the 2nd hard disk? Samba is already installed on the system.
Mar 7, 2010
I got 9.10 on my laptop and XP on the other computer. I installed the Samba server and XP recognized my laptop but not anything I share on Ubuntu. Am I missing something in the Samba config file? I'm trying to share the home directory on Ubuntu and both systems have the same login id.
Oct 6, 2010
I'm running a Samba server (3.5.2-60.fc13) on Fedora 13 (64 bit). I want to share the user home directories and want to allow following of symlinks out of the share tree. So in smb.conf I used
unix extensions = no
wide links = yes
For SELinux I did:
setsebool -P samba_enable_home_dirs=1
getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
[code]....
However, I can't follow the symlinks when mounting my home directory on a Windows machine, unless I disable SELinux.
Sep 29, 2010
Ubuntu 10.04 64 bit
I ran following command to change username;
# usermod -c "Real name" -l new_username old_username
but forgot adding -m option to move the contents of the old home directory to the new home directory.
Therefore;
# ls /home
old_user_directory
how to fix it. /home is on partition /dev/sda3 NOT on root directory
Apr 22, 2010
I have a question about setting up a Modern warfare 2 server. I manage a Ubuntu 9.0.4 web server at home, and a leased cloud server from rack space, and was curious to see if it's possible for me to also setup a CoD Modern warfare 2 server on it as well.
Jan 16, 2011
I am learning to set up an NFS server with Fedora 14. I have gone through a couple of materials on this topic. I have a doubt. Say I have user1 through user5 on my NFS server with their home directories under /home, and the /home directory is shared. If user1 logs into a client machine, will he be able to see the home folders of the other users or just his own home folder? Because in the /etc/exports file there was an option saying "subtree", and according to my understanding this means that the subdirectories under /home will also be shared. Does that mean all the users should be able to see all other users' home directories and their contents but not read/write? Correct me if I am wrong.
Feb 28, 2011
I was just exploring if I could create a normal user without a home directory. So I edited the file /etc/defaults/useradd and it now shows
[code]...
Why is this so? Why isn't the change in useradd reflected here?
Apr 9, 2011
I'm trying to jail a sftp user. All I want is for my daughter-in-law to be able to download pictures of my grandson on his step-uncle's motorcycle. But I don't want her browsing around. She's not a techie, but she's smart enough to catch on how WinSCP is looking at my files. I've set up the jail using jk_init, adding ssh, sftp, bash, netutils, basicshell, jk_lsh.
The physical root of the jail is owned by root, as are all the binaries loaded by the jk_init. The user's home directory is owned recursively by the user and is writable only by the owner. The passwd and group files are in the jailed /etc and populated by the user's lines. Shell is bash, and bash is there too. The error message must be coming from some other problem that's not notifying, but what?
Mar 7, 2011
I run a server where multiple people can access it via SSH and have access to the same folder. Someone recently decided to stop using my server so I deleted their login account inside the User and Group GUI inside GNOME. I accidentally selected "delete files owned by this user". I didn't think much of it because the user didn't actually own any of the files, since the folder was shared among all of them. Anyway, ALL the files in that shared home directory vanished, including the home directory. How can I recover this? It didn't move all the files to the root trash or my local user's trash folder. Are they permanently deleted?
Aug 23, 2011
I had a student, and she has done some work on her account on my lab computer, but has left the country and is un-contactable.
I have full administrator privileges for this machine, and it is running Ubuntu LTS 10.04
She has a folder which was copied from a windows formatted external hard drive (Probably NTFS) onto her home partition on my machine.
I can open all of her files, except for those in this folder.
As I see it the problem is either something to do with the permissions of the files (coming from NTFS), or some kind of Ubuntu security that I am unaware of?
Here are my attempts to open it code...
View 2 Replies
View Related
Sep 14, 2010
I have a user account on a remote machine, but it doesn't have a home directory on that machine. Is it possible to create a home directory without having root account details? If yes, how can it be done?