FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 04-21-2011, 06:51 PM
 
Default User accounts management for small office

Jeff Boyce wrote:
> Greetings -
>
> This may be a little off-topic here so if someone wants to point me to a
> more appropriate mailing list I would appreciate it.
<snip>
> The issue that I would like to be able to resolve when the new server is
> installed, is that currently if a user wants to change the password on
> their Windows workstation, I have to manually update that new password
on the
> Linux user account, and also manually change the Samba user account.
> Manually updating the password in three different locations is a minor
> headache that I would like to correct. I have been researching and
<snip>
You *could* do it with openldap, with the WinDoze boxen authenticating
through that. Now, I'll warn you that though it may have improved, a few
years ago, openldap was a nightmare to configure, the documentation
dreadull where it wasn't almost useless, and googling involved a *lot* of
searching.

However, I did put it in in '06 for what wound up to be about 14 or 15
folks, and it worked, and they could change passwords themselves.

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2011, 06:55 PM
 
Default User accounts management for small office

On Apr 21, 2011, at 11:51 AM, m.roth@5-cent.us wrote:

> Jeff Boyce wrote:
>> Greetings -
>>
>> This may be a little off-topic here so if someone wants to point me
>> to a
>> more appropriate mailing list I would appreciate it.
> <snip>
>> The issue that I would like to be able to resolve when the new
>> server is
>> installed, is that currently if a user wants to change the password
>> on
>> their Windows workstation, I have to manually update that new
>> password
> on the
>> Linux user account, and also manually change the Samba user account.
>> Manually updating the password in three different locations is a
>> minor
>> headache that I would like to correct. I have been researching and
> <snip>
> You *could* do it with openldap, with the WinDoze boxen authenticating
> through that. Now, I'll warn you that though it may have improved, a
> few
> years ago, openldap was a nightmare to configure, the documentation
> dreadull where it wasn't almost useless, and googling involved a
> *lot* of
> searching.

Yes, agreed OpenLDAP is my suggestion as well.

As for Windows clients, you can either do;

Samba/LDAP tie in so that your LDAP domain also function as a PDC.

Or you can use pGina which is a Windows LDAP plugin that allows your
Windows clients to auth direct to LDAP w/o the need to join a PDC first.

I prefer pGina but its not for every one.

- aurf


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2011, 07:09 PM
Scott Robbins
 
Default User accounts management for small office

On Thu, Apr 21, 2011 at 02:51:35PM -0400, m.roth@5-cent.us wrote:
> Jeff Boyce wrote:
> > Greetings -
> >


> > installed, is that currently if a user wants to change the password on
> > their Windows workstation, I have to manually update that new password
> on the
> > Linux user account, and also manually change the Samba user account.
> > Manually updating the password in three different locations is a minor
> > headache that I would like to correct. I have been researching and
> <snip>


> You *could* do it with openldap, with the WinDoze boxen authenticating
> through that. Now, I'll warn you that though it may have improved, a few
> years ago, openldap was a nightmare to configure, the documentation
> dreadull where it wasn't almost useless, and googling involved a *lot* of
> searching.

I have a page on openldap--though I don't cover it with samba--that is a
cut above most of the documentation, in my not at all humble opinion--I
fully agree with Mark that the vast majority of ldap documentation is
horrendous. Some folks have found my page useful, so I'll offer it for
consideration.

http://home.roadrunner.com/~computertaijutsu/ldap.html



--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Cordelia: I do what I want to do. And I wear what I want to wear.
And you know what, I'll date whoever the hell I want to date...
no matter how lame he is.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2011, 07:16 PM
Les Mikesell
 
Default User accounts management for small office

On 4/21/2011 1:39 PM, Jeff Boyce wrote:
> Greetings -
>
> This may be a little off-topic here so if someone wants to point me to a
> more appropriate mailing list I would appreciate it.
>
> I administer the network for my small company and am preparing to install a
> new server in the next month or so. It will be running CentOS 6 and
> function primarily as a Samba file server to 10 Windows workstations (XP,
> Vista, 7). It will also host our OpenVPN server and possibly our FTP
> server; however I am hoping to move our FTP server to a gateway box when the
> new server is installed.

Have you looked at the ClearOS distribution? It comes up with a simple
web interface to manage all of this with authentication done with a
pre-configured LDAP setup. I think LDAP replication is slated for the
next version - which is waiting for CentOS 6 for it's components but
you'd only need that if you have several different servers and want
changes to propagate across them.

--
Les Mikesell
lesmikesell@gmail.com


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2011, 07:18 PM
 
Default User accounts management for small office

On Apr 21, 2011, at 12:09 PM, Scott Robbins wrote:

> I have a page on openldap--though I don't cover it with samba--that
> is a
> cut above most of the documentation, in my not at all humble
> opinion--I
> fully agree with Mark that the vast majority of ldap documentation is
> horrendous. Some folks have found my page useful, so I'll offer it
> for
> consideration.
>
> http://home.roadrunner.com/~computertaijutsu/ldap.html

Nice link, thanks for that.

Wished I would have known about it all those moons ago. I would also
advice subing to the openldap mailing lists but keep in mind its
HEAVILY moderated so be mindful of your posts regarding topic. They
will deny the post if they feel its for another ldap list. A very
very anal list indeed.


Also for the Samba bit, you can look here as it helped me;

http://pbraun.nethence.com/doc/net/samba-ldap.html

- aurf
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2011, 07:23 PM
 
Default User accounts management for small office

Scott Robbins wrote:
<snip>
> I have a page on openldap--though I don't cover it with samba--that is a
> cut above most of the documentation, in my not at all humble opinion--I
> fully agree with Mark that the vast majority of ldap documentation is
> horrendous. Some folks have found my page useful, so I'll offer it for
> consideration.
>
> http://home.roadrunner.com/~computertaijutsu/ldap.html

And after a *very* brief glance, I've bookmarked it for future reference,
since it has things like *examples* of what needs doing, and how to get
there....

Thanks, Scott.
>
> Cordelia: I do what I want to do. And I wear what I want to wear.
> And you know what, I'll date whoever the hell I want to date...
> no matter how lame he is.

Vorkosigan?

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2011, 07:24 PM
 
Default User accounts management for small office

Les Mikesell wrote:
> On 4/21/2011 1:39 PM, Jeff Boyce wrote:
>> Greetings -
>>
>> This may be a little off-topic here so if someone wants to point me to a
>> more appropriate mailing list I would appreciate it.
>>
>> I administer the network for my small company and am preparing to
>> install a new server in the next month or so. It will be running
CentOS 6 and
>> function primarily as a Samba file server to 10 Windows workstations
>> (XP, Vista, 7). It will also host our OpenVPN server and possibly our FTP
>> server; however I am hoping to move our FTP server to a gateway box when
>> the new server is installed.
>
> Have you looked at the ClearOS distribution? It comes up with a simple
> web interface to manage all of this with authentication done with a
> pre-configured LDAP setup. I think LDAP replication is slated for the
> next version - which is waiting for CentOS 6 for it's components but
> you'd only need that if you have several different servers and want
> changes to propagate across them.

Actually, I found webmin helpful in setting up and testing openldap.

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2011, 07:47 PM
Les Mikesell
 
Default User accounts management for small office

On 4/21/2011 2:24 PM, m.roth@5-cent.us wrote:
> Les Mikesell wrote:
>> On 4/21/2011 1:39 PM, Jeff Boyce wrote:
>>> Greetings -
>>>
>>> This may be a little off-topic here so if someone wants to point me to a
>>> more appropriate mailing list I would appreciate it.
>>>
>>> I administer the network for my small company and am preparing to
>>> install a new server in the next month or so. It will be running
> CentOS 6 and
>>> function primarily as a Samba file server to 10 Windows workstations
>>> (XP, Vista, 7). It will also host our OpenVPN server and possibly our FTP
>>> server; however I am hoping to move our FTP server to a gateway box when
>>> the new server is installed.
>>
>> Have you looked at the ClearOS distribution? It comes up with a simple
>> web interface to manage all of this with authentication done with a
>> pre-configured LDAP setup. I think LDAP replication is slated for the
>> next version - which is waiting for CentOS 6 for it's components but
>> you'd only need that if you have several different servers and want
>> changes to propagate across them.
>
> Actually, I found webmin helpful in setting up and testing openldap.

Webmin is a very different concept. It is a mostly a web-form editor
for the underlying program's config file that may know enough to keep
you from making/saving the kinds of syntax errors that you can make with
a normal text editor, but you still have to know what program to start
for each service, know the relationships between programs, and make
separate changes to each program, knowing what all of the options do.

ClearOS and the similar/earlier SME server are much more task/service
oriented with preconfigured settings to make the common services you
want come up and forms that relate to what you want to do rather than
having to deal with options in several different different underlying
programs. So even though it is running the same samba and openldap as a
Centos install, you don't need to change anything to make them work
together. And some things that are conceptually even harder, like
optionally enabling openvpn per user and generating client certificates
are checkbox/push button items.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2011, 07:49 PM
Devin Reade
 
Default User accounts management for small office

I'd say base it on OpenLDAP. As far as the password change option,
one simple but effective system is the passwd.cgi script from cgipaf:

<http://freshmeat.net/projects/cgipaf/>

Although you already have to provide your old password to do an
update, putting it behind http-basic authentication will allow
you to use things like fail2ban to protect against brute forcing.

Devin

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2011, 08:06 PM
Devin Reade
 
Default User accounts management for small office

--On Thursday, April 21, 2011 01:49:16 PM -0600 Devin Reade <gdr@gno.org>
wrote:

> As far as the password change option,
> one simple but effective system is the passwd.cgi script from cgipaf:
>
> <http://freshmeat.net/projects/cgipaf/>

Sorry, brain fart.

Yes, cgipaf will allow you to change samba passwords at the same time,
but it's been a few years since I needed to support samba and so I don't
have a *current* assessment of it. (I currently use a functionally
similar cgi program that updates LDAP via PAM instead, but knows nothing
about samba.)

Devin

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 01:44 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org