Hi,
Until now, I've only managed local user management on a small network with no more than five or six machines, i.e. all user data stored locally on each and every machine (/etc/passwd, /etc/shadow, /etc/group). Now I'd like to learn remote identity management, that is, all user data stored centrally on one machine (so I don't have to wonder who has which UID and GID when I want to set up an NFS share, for example).
I understand there are several ways to achieve that with RHEL/CentOS: NIS, LDAP, Kerberos, SMB, ...
The networks I'll have to deal with are 100% GNU/Linux (better: 100% CentOS). So my first question is: which solution is the "best" for such a configuration? By "best" I mean some compromise between "easy" and "reliable".
Any suggestions?
Niki Kovacs
Why don't you have a go at FreeIPA? It is built on the Fedora Directory Server (LDAP) and has built-in MIT Kerberos security; setup is a breeze, especially compared with the Fedora Directory Server with a manual Kerberos setup. Why use SMB if you only have Linux machines in your network? NIS is simple to set up and maintain but hard to secure. So use some kind of LDAP implementation, and your wish is reliable: LDAP, secure: Kerberos and simple: web interface = FreeIPA.
Success
Sander Snel
On 07/03/2009 10:45 AM, Niki Kovacs wrote:
Hi,
Until now, I've only managed local user management on a small network with no more than five or six machines, i.e. all user data stored locally on each and every machine (/etc/passwd, /etc/shadow, /etc/group). Now I'd like to learn remote identity management, that is, all user data stored centrally on one machine (so I don't have to wonder who has which UID and GID when I want to set up an NFS share, for example).
I understand there are several ways to achieve that with RHEL/CentOS: NIS, LDAP, Kerberos, SMB, ...
The networks I'll have to deal with are 100% GNU/Linux (better: 100% CentOS). So my first question is: which solution is the "best" for such a configuration? By "best" I mean some compromise between "easy" and "reliable".
Any suggestions?
Niki Kovacs
_______________________________________________
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
There is a repo with the enterprise IPA for CentOS 5 available:
http://www.math.ias.edu/PU_IAS/RHEIPA/5.2/
or follow the instructions on how to build it yourself from HowtoForge:
http://www.howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5
On 07/03/2009 11:08 AM, Sander Snel wrote:
Why don't you have a go at FreeIPA? It is built on the Fedora Directory Server (LDAP) and has built-in MIT Kerberos security; setup is a breeze, especially compared with the Fedora Directory Server with a manual Kerberos setup. Why use SMB if you only have Linux machines in your network? NIS is simple to set up and maintain but hard to secure. So use some kind of LDAP implementation, and your wish is reliable: LDAP, secure: Kerberos and simple: web interface = FreeIPA.
Success
Sander Snel
On 07/03/2009 10:45 AM, Niki Kovacs wrote:
Hi,
Until now, I've only managed local user management on a small network with no more than five or six machines, i.e. all user data stored locally on each and every machine (/etc/passwd, /etc/shadow, /etc/group). Now I'd like to learn remote identity management, that is, all user data stored centrally on one machine (so I don't have to wonder who has which UID and GID when I want to set up an NFS share, for example).
I understand there are several ways to achieve that with RHEL/CentOS: NIS, LDAP, Kerberos, SMB, ...
The networks I'll have to deal with are 100% GNU/Linux (better: 100% CentOS). So my first question is: which solution is the "best" for such a configuration? By "best" I mean some compromise between "easy" and "reliable".
Any suggestions?
Niki Kovacs
Sander Snel wrote:
There is a repo with the enterprise IPA for CentOS 5 available:
http://www.math.ias.edu/PU_IAS/RHEIPA/5.2/
or follow the instructions on how to build it yourself from HowtoForge:
http://www.howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5
Thanks! I'll keep that information "in a corner of my head", as the French say. I just skimmed through the online docs, which require "a knowledge of LDAP". That's not the case for me, so I'll have a go at experimenting with LDAP first.
Cheers,
Niki
Niki Kovacs wrote:
Thanks! I'll keep that information "in a corner of my head", as the French say. I just skimmed through the online docs, which require "a knowledge of LDAP". That's not the case for me, so I'll have a go at experimenting with LDAP first.
Since I'm completely new to the subject, can someone suggest some *newbie-friendly* introduction to LDAP? By "newbie-friendly", I mean ideally:
* well explained
* step by step
* fun to read
Cheers,
Niki
Niki Kovacs wrote:
Since I'm completely new to the subject, can someone suggest some *newbie-friendly* introduction to LDAP? By "newbie-friendly", I mean ideally:
- well explained
- step by step
I really liked "LDAP for Rocket Scientists":
http://www.zytrax.com/books/ldap/
- fun to read
Well. It wraps itself around LDAP. For that it is astonishingly funny. But do not expect too much :)
Cheers,
Ralph
Ralph Angenendt wrote:
I really liked "LDAP for Rocket Scientists":
http://www.zytrax.com/books/ldap/
- fun to read
Well. It wraps itself around LDAP. For that it is astonishingly funny. But do not expect too much :)
Well, the beginning looks very promising, thanks for the link. I've spent the last few days wading through BIND documentation, so there's a high chance I'm still in the right frame of mind.
Cheers,
Niki
On Fri, Jul 03, 2009 at 12:32:13PM +0200, Ralph Angenendt wrote:
Niki Kovacs wrote:
Since I'm completely new to the subject, can someone suggest some *newbie-friendly* introduction to LDAP? By "newbie-friendly", I mean ideally:
- well explained
- step by step
If you're into dead-tree docs, I like ORA's LDAP book:
http://oreilly.com/catalog/9781565924918/
I like that it has a chapter on the Perl Net::LDAP module; it helped me write some tools to help me admin my LDAP server.
I really liked "LDAP for Rocket Scientists":
What if one's not a rocket scientist?!? :)
One thing the above URL doesn't really cover is configuring the directory for authentication against an LDAP server using NSS or PAM. The DNs need particular objectClasses and other attributes in order for pam_ldap or nss_ldap to be able to function properly. (The ORA book does cover this, though it's not the strongest chapter.) (Once the LDAP server is configured correctly, just use system-config-authentication to configure the CentOS clients.)
--keith
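Keith's point above (the DNs need particular objectClasses and attributes before nss_ldap/pam_ldap will resolve them) and Niki's original concern (knowing who holds which UID and GID before setting up NFS) can both be checked offline against an LDIF export. The following checker is an added example, not code from the thread or from any of the projects named in it. It assumes the RFC 2307 posixAccount/posixGroup/shadowAccount object classes and their mandatory attributes, and it runs over a small LDIF sample constructed here, in which one user is missing homeDirectory, one group is missing gidNumber, and two users share a uidNumber.

```python
"""Check LDIF entries for the RFC 2307 attributes nss_ldap/pam_ldap expect.

Added example (not from the mailing-list thread). Assumes the RFC 2307
object classes; the LDIF below is constructed for the demonstration.
"""
from collections import defaultdict

# MUST attributes per RFC 2307 object class (assumption: schema as published).
REQUIRED = {
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "posixGroup": {"cn", "gidNumber"},
    "shadowAccount": {"uid"},
}

# Constructed sample: bob lacks homeDirectory and reuses alice's uidNumber,
# and nobody-group lacks gidNumber.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
cn: Alice Example
sn: Example
uid: alice
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/alice
loginShell: /bin/bash

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
cn: Bob Example
sn: Example
uid: bob
uidNumber: 1000
gidNumber: 1000

dn: cn=users,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: users
gidNumber: 1000
memberUid: alice
memberUid: bob

dn: cn=nobody-group,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: nobody-group
"""


def parse_ldif(text):
    """Parse simple LDIF into a list of {attribute: [values]} dicts.

    Handles comments, blank-line separated entries and folded lines (a line
    starting with one space continues the previous value). Base64 ("::")
    values are kept verbatim; they are not needed for this check.
    """
    entries, current, last_attr = [], None, None
    for raw in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if raw.startswith("#"):
            continue
        if raw == "":
            if current:
                entries.append(current)
            current, last_attr = None, None
            continue
        if raw.startswith(" ") and current is not None and last_attr:
            current[last_attr][-1] += raw[1:]
            continue
        attr, _, value = raw.partition(":")
        if current is None:
            current = defaultdict(list)
        attr = attr.strip()
        current[attr].append(value.strip())
        last_attr = attr
    return entries


def check_entry(entry):
    """Return problem strings for one entry (empty list when it is usable by NSS)."""
    problems = []
    classes = set(entry.get("objectClass", []))
    dn = entry.get("dn", ["<no dn>"])[0]
    if not classes & {"posixAccount", "posixGroup"}:
        problems.append(f"{dn}: no posixAccount/posixGroup objectClass; NSS will not see it")
    for oc, needed in REQUIRED.items():
        if oc in classes:
            for attr in sorted(needed - set(entry)):
                problems.append(f"{dn}: objectClass {oc} requires attribute {attr}")
    for attr in ("uidNumber", "gidNumber"):
        for value in entry.get(attr, []):
            if not value.isdigit():
                problems.append(f"{dn}: {attr} value {value!r} is not numeric")
    return problems


def check_directory(text):
    """Check every entry, then report UIDs/GIDs shared by more than one owner."""
    entries = parse_ldif(text)
    problems = []
    for entry in entries:
        problems.extend(check_entry(entry))
    # A uidNumber must be unique among accounts and a gidNumber among groups;
    # accounts legitimately share their primary gidNumber with a group.
    for attr, oc in (("uidNumber", "posixAccount"), ("gidNumber", "posixGroup")):
        owners = defaultdict(list)
        for entry in entries:
            if oc in entry.get("objectClass", []):
                for value in entry.get(attr, []):
                    owners[value].append(entry["dn"][0])
        for value, dns in owners.items():
            if len(dns) > 1:
                problems.append(f"{attr} {value} is shared by: {', '.join(dns)}")
    return problems


if __name__ == "__main__":
    for line in check_directory(SAMPLE_LDIF):
        print(line)
```

On a real server the same function can be fed the output of an `ldapsearch -LLL` export of the People and Group subtrees; entries the checker flags are exactly the ones that will silently fail to appear in `getent passwd` or `getent group` on a client, and duplicate uidNumbers are the ones that would map two people to one owner on an NFS export.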