Hi,

Until now, I've only managed local user management on small networks with no more than five or six machines, e.g. all user data stored locally on each and every machine (/etc/passwd, /etc/shadow, /etc/group). Now I'd like to learn remote identity management, that is, all user data stored centrally on one machine (so I don't have to wonder who has which UID and GID when I want to set up an NFS share, for example).

I understand there are several ways to achieve that with RHEL/CentOS: NIS, LDAP, Kerberos, SMB, ...

The networks I'll have to deal with are 100% GNU/Linux (better: 100% CentOS). So my first question is: which solution is the "best" for such a configuration? By "best" I mean some compromise between "easy" and "reliable".

Any suggestions?

Niki Kovacs

Why don't you have a go at FreeIPA? It is built on the Fedora Directory Server (LDAP) and has built-in MIT Kerberos security. Setup is a breeze, especially compared with the Fedora Directory Server with manual Kerberos setup.

Why use SMB if you only have Linux machines in your network?

NIS is simple to set up and maintain but hard to secure, so use some kind of LDAP implementation. Your wish is reliable: LDAP, secure: Kerberos, and simple: web interface = FreeIPA

http://www.freeipa.org

Good luck,

Sander Snel

On 07/03/2009 10:45 AM, Niki Kovacs wrote:
> Hi,
>
> Until now, I've only managed local user management on small network with
> no more than five or six machines, e. g. all user data stored locally on
> each and every machine (/etc/passwd, /etc/shadow, /etc/group). Now I'd
> like to learn remote identity management, that is, all user data stored
> centrally on one machine (so I don't have to wonder who has which UID
> and GID when I want to setup an NFS share, for example).
>
> I understand there are several ways to achieve that with RHEL/CentOS:
> NIS, LDAP, Kerberos, SMB, ...
>
> The networks I'll have to deal with are 100% GNU/Linux (better: 100%
> CentOS). So my first question is: which solution is the "best" for such
> a configuration ? By "best" I mean some compromise between "easy" and
> "reliable".
>
> Any suggestions ?
>
> Niki Kovacs

If you need an LDAP solution, then I would really recommend the directory server, especially if you do not have any experience with LDAP. The install and other documentation is also really well documented; you can find more info here:

http://www.howtoforge.org/centos-directory-server-on-centos5.2

Per
E-mail: per at norhex.com
http://www.linkedin.com/in/perqvindesland

--- Original message follows ---
SUBJECT: Re: [CentOS] Remote identity management
FROM: Niki Kovacs
TO: "CentOS mailing list"
DATE: 03-07-2009 11:22

Sander Snel wrote:
> there is a repo with the enterprise ipa for centos 5 available
>
> http://www.math.ias.edu/PU_IAS/RHEIPA/5.2/
>
> or follow the instructions how to build it yourself from howtoforge
>
> http://www.howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5

Thanks! I'll keep that information "in a corner of my head", as the French say. I just skimmed through the online docs, which require "a knowledge of LDAP". That's not the case for me, so I'll have a go at experimenting with LDAP first.

Cheers,

Niki

For an easy install of just LDAP, then this one could also do:

http://fedoranews.org/mediawiki/index.php/How_to_setup_and_maintain_OpenLDAP_server_for_your_network

Not so sure how funny it is to do.

Per
E-mail: per at norhex.com
http://www.linkedin.com/in/perqvindesland

--- Original message follows ---
SUBJECT: Re: [CentOS] Remote identity management
FROM: Niki Kovacs
TO: "CentOS mailing list"
DATE: 03-07-2009 12:20

Niki Kovacs wrote:
> Thanks! I'll keep that information "in a corner of my head", as the
> French say. I just skimmed through the online docs, which require "a
> knowledge of LDAP". That's not the case for me, so I'll have a go at
> experimenting with LDAP first.
>

Since I'm completely new to the subject, can someone suggest some *newbie-friendly* introduction to LDAP? By "newbie-friendly", I mean ideally:

* well explained
* step by step
* fun to read

Cheers,

Niki