virtualspy Posted March 13, 2003

Can Mandrake users log on to the computer by authenticating via Windoze domain usernames/passwords? I have seen instructions for this on the Lycoris distribution, but they didn't work for me. I like Mandrake better, but have not seen documentation addressing this. I'm open to a Linux equivalent to centralized user management... I've read in Mandrake documentation that NIS has serious security flaws.

theYinYeti Posted March 13, 2003

Indeed, NIS is not the best solution. You could use SSH+LDAP (I think that's possible). Or you can login with a Windows machine, using Samba.

virtualspy (Author) Posted March 13, 2003

I will read more about SSH and LDAP, thanks. Samba acting as a Win domain for Win clients is good, but what about the Linux clients?

theYinYeti Posted March 13, 2003

I never used Samba, but there's a utility to login on Samba from Linux. ranger is the Samba God, but I don't remember on which forum he is. Ranger, are you there?

Yves.

paul Posted March 13, 2003

yes you can with samba. there is some funky samba configuration, but it is possible... you have to do things, like make a new samba user for each machine (not each user ... each machine !!!) weird but it works, and works well

ranger Posted March 19, 2003

Mandrake 9.0 has winbind support, but really only available during install. It can be done with a bit of effort after install:

# cp /etc/samba/smb-winbind.conf /etc/samba/smb.conf

Edit /etc/samba/smb.conf and reset your 'workgroup' to be the first component of your domain name (i.e. if your domain name is mycoollan.net, make workgroup = 'mycoollan').

# smbpasswd -j mycoollan -U Administrator

(instead of Administrator, you can use any user that has rights to join the machine to the domain, as long as your machine name is correct)

# urpmi samba-winbind
# service winbind start
# wbinfo -u
(should show domain users)
# cp /etc/pam.d/system-auth /etc/pam.d/system-auth.orig
(backup the file)
# cp /etc/pam.d/system-auth-winbind /etc/pam.d/system-auth
(replace it with the winbind one)
# mkdir /home/MYCOOLLAN

Now you should be able to log into all pam services with your domain account. For more info see

http://ranger.dnsalias.com/mandrake/samba/...Networks.tar.gz
http://ranger.dnsalias.com/mandrake/samba/...%20Networks.pdf
http://ranger.dnsalias.com/mandrake/samba/...ks-handouts.pdf

(the tarball has example configs).

I hope it still works in 9.1 ... it wasn't quite working in 9.1rc2.

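A way to verify the result of the steps in the post above before relying on domain logins, as an added example that is not part of the original thread or of the Samba packages. The function names are hypothetical, and it assumes that the replaced PAM file should still call pam_unix (so local accounts such as root keep working when the domain controller is unreachable) and that domain home directories live under /home/<WORKGROUP>, as the mkdir step suggests.

```shell
#!/bin/sh
# Added example: sanity checks after the winbind steps (function names are hypothetical).

# Print the value of a [global] parameter from an smb.conf-style file.
smb_param() {  # usage: smb_param FILE NAME
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/   { sect = tolower($0)
                        gsub(/^[ \t]*\[|\].*$/, "", sect); next }
        sect == "global" {
            eq = index($0, "="); if (!eq) next
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val            # last setting wins
        }
        END { if (found != "") print found }' "$1"
}

# workgroup must equal the first component of the domain name (case-insensitive).
check_workgroup() {  # usage: check_workgroup SMB_CONF DOMAIN_NAME
    want=$(printf '%s' "${2%%.*}" | tr '[:lower:]' '[:upper:]')
    have=$(smb_param "$1" workgroup | tr '[:lower:]' '[:upper:]')
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# The auth stack must reference pam_winbind and (assumption) still pam_unix,
# otherwise a DC outage or a bad join locks out every local account too.
check_pam() {  # usage: check_pam PAM_FILE
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_winbind' "$1" &&
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_unix' "$1"
}

# The per-domain home directory parent created by the mkdir step must exist.
check_home() {  # usage: check_home SMB_CONF HOME_ROOT
    wg=$(smb_param "$1" workgroup | tr '[:lower:]' '[:upper:]')
    [ -n "$wg" ] && [ -d "$2/$wg" ]
}

# Example run: sh check.sh /etc/samba/smb.conf mycoollan.net /etc/pam.d/system-auth
if [ "$#" -eq 3 ]; then
    check_workgroup "$1" "$2" || echo "workgroup does not match $2"
    check_pam "$3" || echo "PAM auth stack lacks pam_winbind or pam_unix"
    check_home "$1" /home || echo "missing /home/<WORKGROUP> directory"
fi
```
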
ranger Posted March 19, 2003

> yes you can with samba. there is some funky samba configuration, but it is possible... you have to do things, like make a new samba user for each machine (not each user ... each machine !!!) weird but it works, and works well

No, actually you only need machine accounts (and user accounts) on domain controllers. See http://ranger.dnsalias.com/mandrake/muo/co...ct/csamba6.html for more details. And windows-controlled domains also keep machine accounts.

ranger Posted March 19, 2003

> Can Mandrake users log on to the computer by authenticating via Windoze domain usernames/passwords? I have seen instructions for this on the Lycoris distribution, but they didn't work for me. I like Mandrake better, but have not seen documentation addressing this. I'm open to a Linux equivalent to centralized user management... I've read in Mandrake documentation that NIS has serious security flaws.

The real solution to this (unless you want to pay lots of money to Microsoft) is to run LDAP, use it for linux authentication, and set up samba as a domain controller to authenticate the Windows machines, but set samba up to store its passwords in LDAP.

This is a bit complex at present, but well worth it. We have a working backup domain controller also, accomplished using LDAP slaves. In fact, our linux laptops authenticate via a local LDAP slave, so they can authenticate when disconnected from the network.

We are working on a howto for the samba part, to go with the LDAP tutorial on http://mandrakesecure.net (a must-read). If you are considering doing this before the howto is published, just remember to get your LDAP-enabled samba RPMs for Mandrake (8.0 through 9.1) from the samba FTP mirrors, under Binary_Packages/Mandrake

virtualspy (Author) Posted March 22, 2003

I just wanted to give a quick thank you for the helpful responses. Cheers!