Comments on: Authentication Servers http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/ A partial repository of whatever comes to mind Sat, 21 Nov 2009 07:51:49 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: Mike Renfro’s Blog : Authentication Servers, the Next Generation http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/comment-page-1/#comment-95 Mike Renfro’s Blog : Authentication Servers, the Next Generation Thu, 02 Aug 2007 23:48:53 +0000 http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/#comment-95 [...] mildly embarassed by my previous setup authentication servers, but this one should be a vast improvement. A reminder of the existing constraints and [...] [...] mildly embarassed by my previous setup authentication servers, but this one should be a vast improvement. A reminder of the existing constraints and [...]

]]> By: Mike Renfro’s Blog : The New File Server: Puppet and Modules http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/comment-page-1/#comment-94 Mike Renfro’s Blog : The New File Server: Puppet and Modules Thu, 02 Aug 2007 21:24:12 +0000 http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/#comment-94 [...] into an active-directory-member class, and that class warrants an entire followup artcle for my authentication notes, I’ll hold off on that part for now. But the Amanda configuration code, that’s worth [...] [...] into an active-directory-member class, and that class warrants an entire followup artcle for my authentication notes, I’ll hold off on that part for now. But the Amanda configuration code, that’s worth [...]

]]> By: Mike Renfro http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/comment-page-1/#comment-42 Mike Renfro Mon, 04 Jun 2007 14:19:56 +0000 http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/#comment-42 I fought a long way through option (a) there. ldapsearch worked fine, but nss just wouldn't cooperate. The errors I was running into were not unique, but I couldn't find anyone with working solutions, or else I just mis-implemented them. Option (b) honestly never occurred to me, but it sounds promising. I may yet do that on my next round of work. I fought a long way through option (a) there. ldapsearch worked fine, but nss just wouldn’t cooperate. The errors I was running into were not unique, but I couldn’t find anyone with working solutions, or else I just mis-implemented them.

Option (b) honestly never occurred to me, but it sounds promising. I may yet do that on my next round of work.

]]> By: Peter Hoeg http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/comment-page-1/#comment-41 Peter Hoeg Mon, 04 Jun 2007 12:39:20 +0000 http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/#comment-41 Mike, it seems like an awful lot of local modifications taking place. I can off-hand think of two solutions that would make things a lot easier for you: a) Direct look-up in the AD using NSS, or b) Set up a slave LDAP server that replicates from the AD and then NSS look-up against that using NSS. /peter Mike, it seems like an awful lot of local modifications taking place. I can off-hand think of two solutions that would make things a lot easier for you:

a) Direct look-up in the AD using NSS, or

b) Set up a slave LDAP server that replicates from the AD and then NSS look-up against that using NSS.

/peter

]]> By: Marty Heyman http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/comment-page-1/#comment-19 Marty Heyman Fri, 18 May 2007 00:09:24 +0000 http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/#comment-19 You could probably accomplish this with fewer moving parts using an OpenLDAP Proxy (our CDS product) and name-service-switch (NSS) and pluggable-authentication-module (PAM) like our CNS product. Fewer moving parts, probably easier to set up. You could probably accomplish this with fewer moving parts using an OpenLDAP Proxy (our CDS product) and name-service-switch (NSS) and pluggable-authentication-module (PAM) like our CNS product. Fewer moving parts, probably easier to set up.

]]> By: Mike Renfro’s Blog › Directory Servers http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/comment-page-1/#comment-17 Mike Renfro’s Blog › Directory Servers Thu, 17 May 2007 19:51:33 +0000 http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/#comment-17 [...] I don’t use automount, and the vast majority of UID/GID mappings I already covered in the Authentication Servers post, though it may technically belong here. One other thing at the bottom of the [...] [...] I don’t use automount, and the vast majority of UID/GID mappings I already covered in the Authentication Servers post, though it may technically belong here. One other thing at the bottom of the [...]

]]> By: Mike Renfro’s Blog › The Beginnings of Infrastructure Management http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/comment-page-1/#comment-15 Mike Renfro’s Blog › The Beginnings of Infrastructure Management Thu, 17 May 2007 01:06:33 +0000 http://blogs.cae.tntech.edu/mwr/2007/05/16/authentication-servers/#comment-15 [...] Authentication servers [...] [...] Authentication servers [...]

]]>