Try pam-mount with samba or nfs for the home dirs..<br><br><div><span class="gmail_quote">2006/4/8, Jason A. Donenfeld <<a href="mailto:TheMan@...">TheMan@...</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
My school uses Macs. They run Mac OS X Server. At each computer in the<br>computer lab, each student is able to logon using their username and<br>password to their "own desktop" because each computer is authenticated
<br>remotely and their home folder is a remote mount. All programs run<br>locally.<br><br>At <a href="http://studentserver.myschool.org">studentserver.myschool.org</a>, they run an appletalk file share<br>server, perhaps another sort of file sharing server, and an ssh
<br>server, all of which I can logon to using my username. At<br><a href="http://queenbee.myschool.org">queenbee.myschool.org</a>, the school runs an ldap server which is used<br>for authentication on each of the computer lab computers. Logged in as
<br>administrator, I looked at the directory services program to obtain<br>ldap information. They connect to the queenbee server and use the base<br>of dn=..... Also part of this string is cn=config and it is setup to<br>
get all details "from server". All user name entries have the normal<br>objectType=posixAccount in addition to some unique apple attributes.<br><br>One of the attributes is homeFolder. For me, this is located at
<br>/Network/studentserver.myschool.org/Volumes/Hive/myUserName. Logged<br>onto my account using a mac, in addition to my home folder being<br>present as I have all my settings unique to me, I can type cd ~ in<br>terminal and get my homefolder, which is mapped to this path. I can
<br>also cd /Network/studentserver.myschool.org and peak around. My<br>authentication to this server is based on my username and the group<br>that I'm in (which was authenticated by ldap before), so it is safe to<br>conclude that
<a href="http://studentserver.myschool.org">studentserver.myschool.org</a> also logs into this ldap<br>server and authenticates me using normal credentials.<br><br>I installed Linux on one of the G5 towers. How can I set the computer
<br>up such that users are able to login to it using their username and<br>password and have their home folder be their server share? OpenLDAP?<br>SSH? AFP? I have tried openldap and I have been unable to get that to<br>work (ldapsearch -x 'uid=myusername' works but I can't get system wide
<br>authentication working).<br><br>If I did get OpenLDAP to work, what about the home folder? The<br>homeFolder attribute ldap mentions refers to a specific place already<br>existant on the mac computer (/Networks/studentserver.myschool.org),
<br>so perhaps the equivalant would be to have<br>/Networks/studentserver.myschool.org in /etc/fstab and mounted.<br><br>The next question, however, is how can I have this mount like a normal<br>device directory which uses normal authentication? I have tried
<br>specifying nfs as a fs type, but this does not work. Perhaps I can<br>utilize the existance of an ssh server running? What about afp? But<br>then I have to be careful that it uses the normal system wide<br>authentication mechanism (that authenicates my access to local
<br>folders, for instance) and not a logon of its own.<br><br>And on top of that, even after getting OpenLDAP to authenticate system<br>wide, how will it know to make the homefolder based on the homeFolder<br>attribute?<br>
<br>Or perhaps there's another way to do this, completely through ssh, but<br>that's doubtful. Any ideas?<br><br>--<br>Jason A. Donenfeld<br>Deep Space Explorer<br><br>--<br><a href="mailto:gentoo-admin@g.o">gentoo-admin@g.o
</a> mailing list<br><br></blockquote></div><br>
|
