Wednesday 10 February 2010

Ubuntu machine with NFS home and LDAP authentication

A while ago I posted about joining Ubuntu machines to an NFS / NIS setup. Well, things have moved on since then: there are newer Ubuntu releases, and our authentication is now LDAP. So, here's the up to date procedure. This does assume some knowledge of Linux commands and familiarity with editing config files.

As before, the first issue is that of moving /home. And that hasn't changed. When setting up the machine create a user who is local to the machine - pick a name that won't clash with any user in the LDAP - and then after the initial setup, boot in single user mode and move /home to /localhome. Then edit /etc/passwd to change references to /home into /localhome.

To allow NFS shares to be mounted, install the nfs-common package. Then you can edit /etc/fstab to include the mounting of any NFS shares (after having made the mount point).

e.g.

bigserver:/home /home nfs defaults 0 0
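The fiddliest part of the /home move above is editing /etc/passwd: a blanket search-and-replace of "/home" would also hit paths such as /var/home or a shell that happens to contain the string. The function below is an added example (not from the original post) that rewrites only the home-directory field, and only where that field is /home or lies under it. It runs against a constructed sample passwd file rather than the real one; the local account name "localadmin" and the file contents are made up for the demonstration.

```shell
#!/bin/sh
# Added example: rewrite the home-directory field (field 6) of a passwd-format
# file so accounts under /home move to /localhome, leaving every other field
# and every other path untouched.
# Usage: rewrite_home_field <passwd-file> <old-prefix> <new-prefix>
# Output goes to stdout; review it before installing it over /etc/passwd.
rewrite_home_field() {
    awk -F: -v old="$2" -v new="$3" 'BEGIN { OFS = FS }
        # Only touch field 6, and only when it is exactly the old prefix or
        # lies below it, so /var/home or /home2 are left alone.
        $6 == old || index($6, old "/") == 1 {
            $6 = new substr($6, length(old) + 1)
        }
        { print }' "$1"
}

# Constructed sample passwd content (not a real system file).
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
localadmin:x:1000:1000:Local Admin:/home/localadmin:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
EOF

# Show the rewritten file; only the localadmin line changes.
rewrite_home_field "$SAMPLE_PASSWD" /home /localhome
```

In single user mode the sequence is: `mv /home /localhome`, then run `rewrite_home_field /etc/passwd /home /localhome > /tmp/passwd.new`, check the output, and copy it into place. Doing the rewrite per field rather than with a bare sed keeps the system accounts (root, backup and friends) exactly as they were.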

Then to get the authentication going you want to install libnss-ldap and libpam-ldap. The installation of these packages will ask for the details of your LDAP setup such as the base dn and the admin cn and password.

Give it a re-boot and you should be off and running.

One caveat: because of the order in which things launch at boot, you may see warnings about certain partitions not being mounted. This is usually caused by the NFS mount being attempted before the machine has obtained a network address.

A quick fix for this is to add "mount -a" to the /etc/rc.local file to force a re-try at any mounts that fail at the end of the boot process.

If you want to allow any of your users to have special powers on the desktop then /etc/security/group.conf is your friend. This grants extra group membership to logged in users depending on where they come from and what time / day it is.

You will probably want a line like:
gdm;*;*;Al0000-2400;cdrom, floppy, audio, video, plugdev

to allow all users at the desktop access to relevant hardware.

But you may also want
gdm;*;importantuser;Al0000-2400;lpadmin, admin

to allow importantuser to do administrative things. You'll then need to add
auth optional pam_group.so
to /etc/pam.d/common-auth to make this active.
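Because pam_group hands out group memberships at login time, it is worth being able to answer "which extra groups would this user get from this service?" before you reboot. The script below is an added example (not from the original post): a simplified evaluator for group.conf lines that handles "*", comma-separated lists and a leading "!" negation in the service, tty and user fields. It assumes the time field matches (the real pam_group also checks day and time and supports "&", "|" and "%group" expressions, which this does not), and it runs against a constructed copy of the two lines from the post rather than the live /etc/security/group.conf.

```shell
#!/bin/sh
# Added example: list the groups a group.conf file would grant to a login.
# Simplified: '*', comma lists and a leading '!' in the first three fields;
# the times field is assumed to match.
# Usage: granted_groups <group.conf> <service> <tty> <user>
granted_groups() {
    awk -F';' -v svc="$2" -v tty="$3" -v usr="$4" '
        # Does value v match field f, where f is "*", "a,b,c" or "!a,b"?
        function matches(f, v,    neg, n, parts, i) {
            gsub(/[ \t]/, "", f)
            if (f == "*") return 1
            neg = 0
            if (substr(f, 1, 1) == "!") { neg = 1; f = substr(f, 2) }
            n = split(f, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] == v || parts[i] == "*") return !neg
            return neg
        }
        /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
        NF < 5 { next }            # ignore malformed lines
        matches($1, svc) && matches($2, tty) && matches($3, usr) {
            gsub(/[ \t]/, "", $5)
            n = split($5, g, ",")
            for (i = 1; i <= n; i++) if (g[i] != "") print g[i]
        }' "$1"
}

# Constructed group.conf holding the two lines from the post.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# services;ttys;users;times;groups
gdm;*;*;Al0000-2400;cdrom, floppy, audio, video, plugdev
gdm;*;importantuser;Al0000-2400;lpadmin, admin
EOF

# importantuser at the gdm desktop gets the hardware groups plus lpadmin and admin.
granted_groups "$SAMPLE_CONF" gdm :0 importantuser
```

Run it with the name of an ordinary LDAP user and you should see only the hardware groups; run it with "sshd" as the service and you should see nothing, since neither line names that service. That is the check to make before adding a line with "admin" in it: on Ubuntu of this era the admin group is what sudoers uses to grant full sudo rights, so that line should name specific users, exactly as the post does, rather than "*".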