Discussion:
[Ltsp-discuss] LDAP setup
Great Avenger Singh
2014-12-06 16:28:18 UTC
Permalink
Hi I want to setup LDAP for user login on debian-64_amd(root-server)
and debian-i386(two application servers).

In my LDAP setup every user should be able to login from any
thin-client machine.

Do I need to go with procedure in the following link?
https://forum.zentyal.org/index.php?topic=12925.0

Otherwise if there is dedicated thread please show me light?
--
Thanks
Arshpreet Singh
http://arshpreetsingh.wordpress.com/
“If we all did the things we are really capable of doing, we would
literally astound ourselves …”
T. E.
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try
Lance Levsen
2014-12-08 16:34:49 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Arshpreet,

While helpful, that link is a bit dated and it doesn't deal at all with
secondary servers authenticating to the directory. I'm also biased
against any document that tells you to rm any original configuration file.

It's a fairly complex thing, so you should set milestones and if this is
your first time and there are questions you need to think about.

Is it a Linux only directory or will you be providing Samba
authentication too? Any other authentication? If so, are Kerberos
tickets (SASL) a good idea too? SASL increases the complexity.

Here is the Debian way, https://wiki.debian.org/LDAP/PAM

If they're thin clients, getting it working on the server and
application servers is sufficient, if thick as well, you have to set up
NSS/PAM in their chroot too.

You will know it's working when a $> getent passwd returns the LDAP
users as well as the system users on a machine.

If you have specific questions feel free to ask.

One thing, in my experience, always set a local (non-ldap) root
password. If you don't and LDAP dies/corrupts/isn't working, you can
still login locally.

Cheers,
lance
Post by Great Avenger Singh
Hi I want to setup LDAP for user login on debian-64_amd(root-server)
and debian-i386(two application servers).
In my LDAP setup every user should be able to login from any
thin-client machine.
Do I need to go with procedure in the following link?
https://forum.zentyal.org/index.php?topic=12925.0
Otherwise if there is dedicated thread please show me light?
- --
Lance Levsen, Catprint Computing
C: 306-230-8783 P: 306-493-2278
PO Box 579 Delisle, SK, S0L 0P0
Canada
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iEYEARECAAYFAlSF0ykACgkQWSOc2vLaecjD8ACfe1H39NJP7NilqfEIdyuJ2upd
y4IAoO4JTZqvJOm13XG843ffN5q50Cr8
=qFsW
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
Vagrant Cascadian
2014-12-08 17:31:15 UTC
Permalink
Post by Lance Levsen
Here is the Debian way, https://wiki.debian.org/LDAP/PAM
If they're thin clients, getting it working on the server and
application servers is sufficient, if thick as well, you have to set up
NSS/PAM in their chroot too.
Not necessarily. LTSP fat clients just ssh to the server to get
authentication information as well as thin clientsq. Though applications
that require passwords (in particular, screen lockers) may require
additional configuration (such as LDM_PASSWORD_HASH=true, introduced in
LDM 2.2.14), and password changing programs need to be configured to run
as remote apps.

Or, you can try configuring the fat clients to use LDAP... :)


live well,
vagrant
Great Avenger Singh
2014-12-09 15:11:52 UTC
Permalink
Post by Vagrant Cascadian
Not necessarily. LTSP fat clients just ssh to the server to get
authentication information as well as thin clientsq. Though applications
that require passwords (in particular, screen lockers) may require
additional configuration (such as LDM_PASSWORD_HASH=true, introduced in
LDM 2.2.14), and password changing programs need to be configured to run
as remote apps.
Yes Vagrant. LDM. Actually this question was posted before our
discussion on IRC. Mostly all the documentations on Internet are old
and newbies stuck on the things to understand how LTSP work.(Mostly
filesystem, Starting of X and login manager->LDM)

Some days ago this ML helped me to setup a system for Thinclients.
Frankly speaking I just did copy-paste various lines and things
worked. :D

This time I wanted to know how the things work with LTSP so I could
end up with a nice tutorial and documentation. I tried to compile LTSP
from source with a wish that I could help myself and others. Started a
thread on this ML for the required instructions. (hope to see you
there :) )

My secondary aim is to run LTSP with Rocks-cluster if I could. (Just
curiosity and craziness )
--
Thanks
Arshpreet Singh
http://arshpreetsingh.wordpress.com/
“If we all did the things we are really capable of doing, we would
literally astound ourselves …”
T. E.
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additio
Ivan Mincik
2014-12-08 20:34:40 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Great Avenger Singh
Hi I want to setup LDAP for user login on
debian-64_amd(root-server) and debian-i386(two application
servers).
In my LDAP setup every user should be able to login from any
thin-client machine.
Do I need to go with procedure in the following link?
https://forum.zentyal.org/index.php?topic=12925.0
Otherwise if there is dedicated thread please show me light?
Hi, GIS.lab project [1] is using LTSP Fat clients and LDAP
authentication. Server installation is done by Ansible [2] and client
configuration by custom LTSP plugins [3].

1 - http://imincik.github.io/gis-lab/

2 -
https://github.com/imincik/gis-lab/blob/master/system/roles/service-ldap/tasks/main.yml

3 -
https://github.com/imincik/gis-lab/blob/master/system/roles/service-client/files/static/system/ltsp/030-gislab-ldap



- --
Ivan Minčík
***@gmail.com GPG: 0x79529A1E
http://imincik.github.io/0x79529A1E.key
***@gista.sk GPG: 0xD714B02C
http://imincik.github.io/0xD714B02C.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUhgtbAAoJEPfdLsR5Upoel3QH/AhYa2aLvtLSlogs7dJCsO2Y
0naNvuTAjJ9EI9IBPoa/l/5IWd4SBjAH2VE04ixv76CroPSJsXWIZKKku9Z7E09+
KPWhLOQnfzAWHfxXJ5xNTXY4qqd/AGQQw88r8NpwdXeo5/ffiRB9TMsXrgeqcoqb
KuVEttFr6lhjNWAUjWNfspeqsfe2XnzItuTpNhI2e93R9W7BAOOAdaUBxAtkJD0L
nyS4xL5y5iz4gZzuc7hheKnnTuSvxm0V49civ3kL+0nNG6dUXAbG6Q2XE23mSNh3
9LC9+PO22AxWEnKxqHcmU85lPLPcmhM0pc72l6IqF5D2PytEy7Rj9ynt6tLEfoE=
=rirv
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional
Great Avenger Singh
2014-12-09 15:21:22 UTC
Permalink
Post by Ivan Mincik
Hi, GIS.lab project [1] is using LTSP Fat clients and LDAP
authentication. Server installation is done by Ansible [2] and client
configuration by custom LTSP plugins [3].
1 - http://imincik.github.io/gis-lab/
2 -
https://github.com/imincik/gis-lab/blob/master/system/roles/service-ldap/tasks/main.yml
3 -
https://github.com/imincik/gis-lab/blob/master/system/roles/service-client/files/static/system/ltsp/030-gislab-ldap
Thanks for the help Ivan.

I feel from Vagrant words we don't need LDAP authentication anymore
for LTSP setup or I am wrong somewhere?
--
Thanks
Arshpreet Singh
http://arshpreetsingh.wordpress.com/
“If we all did the things we are really capable of doing, we would
literally astound ourselves …”
T. E.
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP he
Vagrant Cascadian
2014-12-09 18:01:40 UTC
Permalink
Post by Great Avenger Singh
I feel from Vagrant words we don't need LDAP authentication anymore
for LTSP setup or I am wrong somewhere?
Well, long term proper PAM integration to be able to use LDAP, SAMBA,
*SQL, Kerberos, etc. would be better, but there are workarounds/hacks
for some use-cases that do not require it by using LDM_PASSWORD_HASH.

live well,
vagrant

Continue reading on narkive:
Loading...