12

I need to set up a network of twenty Ubuntu machines and a server. As it is now, the users have local accounts on the machines, but I want to have centralized user authentication, with all user info stored on the server, and with server-side home directories. So when a user logs in on any of the client computers, his username and password should be checked on the server, and then his home directory should be mounted from the server via NFS or something.

How do I do this? Which is the best way?

4 Answers

9

I've run something like this in the past. LDAP is your best bet for centralized accounts. This is reasonably standard, and should be easy to set up. The client is merely a matter of installing a few packages (ldap-utils, libnss-ldap, and libpam-ldap), and editing /etc/pam.d/common-(everything). You'll need to add a line like

<type of file goes here>    sufficient   pam_ldap.so

As well as this, you'll have to edit /etc/nsswitch.conf, to add ldap at the end of shadow, group, and passwd.

The server is somewhat more complicated. This seems to include a relatively up to date example of how to set it up. The OpenLDAP docs are also well worth reading.

For homedirs, you'll want to use NFS. Depending on whether you need them unmounted when users are not logged in, you may want to use the automounter (autofs). I've never used this, so I can't tell you where you're going to run into trouble there, but working without it should be perfectly doable, and will give you much the same effect, with a far less complicated setup.

Dennis Williamson
Cian
  • 2
    I've documented the LDAP side of things at http://wiki.ucc.asn.au/LDAP/LazySysadmin, IMHO it's a much nicer read than the official OpenLDAP docs in that it doesn't assume you already understand LDAP. – TRS-80 Sep 27 '09 at 21:01
  • Ok, thanks. I'll probably start with just the home directories on NFS, and then we'll see about LDAP and central accounts. – Thomas Padron-McCarthy Sep 28 '09 at 17:43
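A way to audit a client for the two edits the LDAP answer above describes, ldap in nsswitch.conf and pam_ldap.so in the PAM common files (added example, not part of the original answer or its comments). The four file names common-auth, common-account, common-password and common-session are an assumed reading of "common-(everything)"; the function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a client for the LDAP settings described in the answer.

# True if database $2 (passwd, group, shadow) in nsswitch file $1 lists "ldap".
nss_has_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) {
                                    if ($i ~ /^#/) break      # trailing comment
                                    if ($i == "ldap") found = 1 } }
                     END { exit !found }' "$1" 2>/dev/null
}

# True if PAM file $1 has an active (uncommented) line that loads pam_ldap.so.
pam_uses_ldap() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]]pam_ldap\.so([[:space:]]|$)' \
        "$1" 2>/dev/null
}

# Audit the tree rooted at $1 ("" means the live system). Prints one line per
# gap and returns the number of gaps found (0 = both edits are in place).
check_client() {
    local root="$1" gaps=0 db f
    for db in passwd group shadow; do
        nss_has_ldap "$root/etc/nsswitch.conf" "$db" ||
            { echo "nsswitch.conf: $db does not list ldap"; gaps=$((gaps + 1)); }
    done
    for f in auth account password session; do   # assumed file names
        pam_uses_ldap "$root/etc/pam.d/common-$f" ||
            { echo "common-$f: no active pam_ldap.so line"; gaps=$((gaps + 1)); }
    done
    return "$gaps"
}

# Constructed sample client: shadow and common-session were left unedited.
make_sample() {
    mkdir -p "$1/etc/pam.d"
    printf '%s\n' 'passwd: files ldap' 'group:  files ldap' 'shadow: files' \
        > "$1/etc/nsswitch.conf"
    for f in auth account password; do
        echo "$f  sufficient  pam_ldap.so" > "$1/etc/pam.d/common-$f"
    done
    echo '# session  sufficient  pam_ldap.so' > "$1/etc/pam.d/common-session"
}

demo=$(mktemp -d) && make_sample "$demo"
check_client "$demo" || echo "gaps found: $?"
rm -rf "$demo"
```

Running `check_client ""` on each of the twenty clients after the rollout shows which ones still authenticate only against local files.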
3

Apparently you can use LDAP for centralized user accounts. I'm told it's not easy to set up. We never did because we didn't have very many users. However, the centralized directories were implemented. This was done by doing an NFS mount of the home directory of the central server on the other server. It works very well.

hookenz
1

Going further, you may want to take a look at freeIPA, an open-source directory controller for Linux.

It ties together 389 Directory Server for LDAP, MIT krb5 for Kerberos, ISC NTPd for NTP, BIND for DNS, Dogtag for certificate management, ... really, it integrates everything you need in a domain controller, and gives them a unified web interface and command-line client.

ephemient
-3

check this

quaie