• LDAP? SSH? How to logon to network?

    From Jason.Donenfeld@Jason.Donenfeld@gmail.com to comp.sys.mac.system on Sunday, April 09, 2006 08:22:31
    From Newsgroup: comp.sys.mac.system

    My school uses Macs. They run Mac OS X Server. At each computer in the
    computer lab, each student is able to logon using their username and
    password to their "own desktop" because each computer is authenticated
    remotely and their home folder is a remote mount. All programs run
    locally.

    At studentserver.myschool.org, they run an appletalk file share server,
    perhaps another sort of file sharing server, and an ssh server, all of
    which I can logon to using my username. At queenbee.myschool.org, the
    school runs an ldap server which is used for authentication on each of
    the computer lab computers. Logged in as administrator, I looked at the
    directory services program to obtain ldap information. They connect to
    the queenbee server and use the base of dn=..... Also part of this
    string is cn=config and it is set up to get all details "from server".
    All user name entries have the normal objectType=posixAccount in
    addition to some unique apple attributes.

    One of the attributes is homeFolder. For me, this is located at
    /Network/studentserver.myschool.org/Volumes/Hive/myUserName. Logged
    onto my account using a mac, in addition to my home folder being
    present as I have all my settings unique to me, I can type cd ~ in
    terminal and get my homefolder, which is mapped to this path. I can
    also cd /Network/studentserver.myschool.org and peek around. My
    authentication to this server is based on my username and the group
    that I'm in (which was authenticated by ldap before), so it is safe to
    conclude that studentserver.myschool.org also logs into this ldap
    server and authenticates me using normal credentials.

    I installed Linux on one of the G5 towers. How can I set the computer
    up such that users are able to login to it using their username and
    password and have their home folder be their server share? OpenLDAP?
    SSH? AFP? I have tried openldap and I have been unable to get that to
    work (ldapsearch -x 'uid=myusername' works but I can't get system wide
    authentication working).

    If I did get OpenLDAP to work, what about the home folder? The
    homeFolder attribute ldap mentions refers to a specific place already
    existent on the mac computer (/Networks/studentserver.myschool.org), so
    perhaps the equivalent would be to have
    /Networks/studentserver.myschool.org in /etc/fstab and mounted.

    The next question, however, is how can I have this mount like a normal
    device directory which uses normal authentication? I have tried
    specifying nfs as a fs type, but this does not work. Perhaps I can
    utilize the existence of an ssh server running? What about afp? But
    then I have to be careful that it uses the normal system wide
    authentication mechanism (that authenticates my access to local folders,
    for instance) and not a logon of its own.

    And on top of that, even after getting OpenLDAP to authenticate system
    wide, how will it know to make the homefolder based on the homeFolder
    attribute?

    Or perhaps there's another way to do this, completely through ssh, but
    that's doubtful. Any ideas?
