[gentoo-user] How to do "account management" across multiple Unix boxes?

[gentoo-user] How to do "account management" across multiple Unix boxes?

[matthew.garman]

Is there a term for the situation where you have one computer as the
"user account master" and every other machine recognizes all user
accounts that are specified on the master?

I'm sure there's plenty of packages and documentation on how to do
this, but I don't know what it's called, so I don't know where to
start looking.

Basically, I have one OpenBSD box and three gentoo boxes.  I'd like
to have the same user accounts on all of them, but not have to
manually create them each time.  Especially for dealing with Samba
and NFS, it's nice to have consistent accounts.

Given the name of a couple key packages and/or web links, I think I
could figure the rest out.

Thanks!
Matt

-- 
Matt Garman
email at: http://raw-sewage.net/index.php?file=email
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to do "account management" across multiple Unix boxes?

[John Jolet]

On Wednesday 11 January 2006 13:51, matthew.garman@gmail.com wrote:
> Is there a term for the situation where you have one computer as the
> "user account master" and every other machine recognizes all user
> accounts that are specified on the master?
>
> I'm sure there's plenty of packages and documentation on how to do
> this, but I don't know what it's called, so I don't know where to
> start looking.
>
> Basically, I have one OpenBSD box and three gentoo boxes.  I'd like
> to have the same user accounts on all of them, but not have to
> manually create them each time.  Especially for dealing with Samba
> and NFS, it's nice to have consistent accounts.
>
> Given the name of a couple key packages and/or web links, I think I
> could figure the rest out.
openldap is one way
kerberos is another (don't pick this one)
nis or YP is another
I prefer openldap, but be warned, all of these methods are fairly non-trivial 
depending on your experience level.

maybe there's a way to do it with sama as well?
>
> Thanks!
> Matt
>
> --
> Matt Garman
> email at: http://raw-sewage.net/index.php?file=email

-- 
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
john@jolet.net
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to do "account management" across multiple Unix boxes?

[Shawn Singh]

[-- Attachment #1: Type: text/plain, Size: 1578 bytes --]

NIS comes to mind and some recommended docs are:

http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html
http://gentoo-wiki.com/HOWTO_Setup_NIS

On 1/11/06, John Jolet <john@jolet.net> wrote:
>
> On Wednesday 11 January 2006 13:51, matthew.garman@gmail.com wrote:
> > Is there a term for the situation where you have one computer as the
> > "user account master" and every other machine recognizes all user
> > accounts that are specified on the master?
> >
> > I'm sure there's plenty of packages and documentation on how to do
> > this, but I don't know what it's called, so I don't know where to
> > start looking.
> >
> > Basically, I have one OpenBSD box and three gentoo boxes.  I'd like
> > to have the same user accounts on all of them, but not have to
> > manually create them each time.  Especially for dealing with Samba
> > and NFS, it's nice to have consistent accounts.
> >
> > Given the name of a couple key packages and/or web links, I think I
> > could figure the rest out.
> openldap is one way
> kerberos is another (don't pick this one)
> nis or YP is another
> I prefer openldap, but be warned, all of these methods are fairly
> non-trivial
> depending on your experience level.
>
> maybe there's a way to do it with sama as well?
> >
> > Thanks!
> > Matt
> >
> > --
> > Matt Garman
> > email at: http://raw-sewage.net/index.php?file=email
>
> --
> John Jolet
> Your On-Demand IT Department
> 512-762-0729
> www.jolet.net
> john@jolet.net
> --
> gentoo-user@gentoo.org mailing list
>
>


--
Shawn Singh

[-- Attachment #2: Type: text/html, Size: 2326 bytes --]

Re: [gentoo-user] How to do "account management" across multiple Unix boxes?

[John Jolet]

On Wednesday 11 January 2006 14:04, Shawn Singh wrote:
> NIS comes to mind and some recommended docs are:
>
> http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html
> http://gentoo-wiki.com/HOWTO_Setup_NIS
>
Please be aware of the security issues surrounding nis.  may not be a problem 
in your environment, but they are real.  also, with ANY centralized 
sign-on/authentication methodology, it's VERY, VERY bad idea to have just one 
auth server.  this goes for everything from nis to active directory (which is 
really just ldap).  however, nis might be a good choice in your environment, 
despite the security issues, because if you make ALL of your machines nis 
slaves, and have them authenticate to themselves, if you nis master goes 
down, you can still get on the other boxes.  Or you could just use rdist to 
fan out your /etc/shadow and /etc/passwd files ;)
> On 1/11/06, John Jolet <john@jolet.net> wrote:
> > On Wednesday 11 January 2006 13:51, matthew.garman@gmail.com wrote:
> > > Is there a term for the situation where you have one computer as the
> > > "user account master" and every other machine recognizes all user
> > > accounts that are specified on the master?
> > >
> > > I'm sure there's plenty of packages and documentation on how to do
> > > this, but I don't know what it's called, so I don't know where to
> > > start looking.
> > >
> > > Basically, I have one OpenBSD box and three gentoo boxes.  I'd like
> > > to have the same user accounts on all of them, but not have to
> > > manually create them each time.  Especially for dealing with Samba
> > > and NFS, it's nice to have consistent accounts.
> > >
> > > Given the name of a couple key packages and/or web links, I think I
> > > could figure the rest out.
> >
> > openldap is one way
> > kerberos is another (don't pick this one)
> > nis or YP is another
> > I prefer openldap, but be warned, all of these methods are fairly
> > non-trivial
> > depending on your experience level.
> >
> > maybe there's a way to do it with sama as well?
> >
> > > Thanks!
> > > Matt
> > >
> > > --
> > > Matt Garman
> > > email at: http://raw-sewage.net/index.php?file=email
> >
> > --
> > John Jolet
> > Your On-Demand IT Department
> > 512-762-0729
> > www.jolet.net
> > john@jolet.net
> > --
> > gentoo-user@gentoo.org mailing list
>
> --
> Shawn Singh

-- 
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
john@jolet.net
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] 2005.1 installs on dual-core amd64

[John Jolet]

I've encountered very weird behavior with ALL flavors of 2005.1 and 2005.1-r1 
install media for amd64.  boots, but then says it can't find ROOT.  2005.0 
works fine, as does x86 2005.1.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to do "account management" across multiple Unix boxes?

[Lares Moreau]

[-- Attachment #1: Type: text/plain, Size: 1059 bytes --]

On Wed, 2006-01-11 at 13:57 -0600, John Jolet wrote:
> > Given the name of a couple key packages and/or web links, I think I
> > could figure the rest out.
> openldap is one way
> kerberos is another (don't pick this one)
> nis or YP is another
> I prefer openldap, but be warned, all of these methods are fairly
> non-trivial 
> depending on your experience level.

A more trivial way to do it (although potentially insecure)...

Setup on box as the 'master', and have a cron script scp the appropriate
files to the other boxen.  THis will keep consistency of name, passwd,
uid,gid, home etc., etc.  

Not a solution for large or security consious environments, but a
working solution for Home.
-- 
Lares Moreau <lares.moreau@gmail.com>  | LRU: 400755 http://counter.li.org
lares/irc.freenode.net                 |
Gentoo x86 Arch Tester                 |               ::0 Alberta, Canada
Public Key: 0D46BB6E @ subkeys.pgp.net |          Encrypted Mail Preferred
Key fingerprint = 0CA3 E40D F897 7709 3628  C5D4 7D94 483E 0D46 BB6E

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] 2005.1 installs on dual-core amd64

[Lares Moreau]

[-- Attachment #1: Type: text/plain, Size: 720 bytes --]

On Wed, 2006-01-11 at 14:15 -0600, John Jolet wrote:
> I've encountered very weird behavior with ALL flavors of 2005.1 and 2005.1-r1 
> install media for amd64.  boots, but then says it can't find ROOT.  2005.0 
> works fine, as does x86 2005.1.

More detail pls.
boots from the LiveCD? but cant find ROOT?
did you edit /etc/fstab?  the default entry is /dev/ROOT ;)
-- 
Lares Moreau <lares.moreau@gmail.com>  | LRU: 400755 http://counter.li.org
lares/irc.freenode.net                 |
Gentoo x86 Arch Tester                 |               ::0 Alberta, Canada
Public Key: 0D46BB6E @ subkeys.pgp.net |          Encrypted Mail Preferred
Key fingerprint = 0CA3 E40D F897 7709 3628  C5D4 7D94 483E 0D46 BB6E

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] 2005.1 installs on dual-core amd64

[John Jolet]

On Wednesday 11 January 2006 14:35, Lares Moreau wrote:
> On Wed, 2006-01-11 at 14:15 -0600, John Jolet wrote:
> > I've encountered very weird behavior with ALL flavors of 2005.1 and
> > 2005.1-r1 install media for amd64.  boots, but then says it can't find
> > ROOT.  2005.0 works fine, as does x86 2005.1.
that's all the message says.  it's at the stage where it's looking for the cd 
to mount under /newroot.  I didn't edit the fstab, this is the livecd...and 
the minimal cd.  I"m assuming it's looking for whatever is set as ROOT= in 
the grub.conf.  dunno.  like I said 2005.0 boots fine.
>
> More detail pls.
> boots from the LiveCD? but cant find ROOT?
> did you edit /etc/fstab?  the default entry is /dev/ROOT ;)

-- 
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
john@jolet.net
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to do "account management" across multiple Unix boxes?

[Alexander Skwar]

matthew.garman@gmail.com schrieb:

> I'm sure there's plenty of packages and documentation on how to do
> this, but I don't know what it's called, so I don't know where to
> start looking.

You either use NIS or nowadays might use LDAP.

Alexander Skwar
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] 2005.1 installs on dual-core amd64

[Andrew Frink]

[-- Attachment #1: Type: text/plain, Size: 1236 bytes --]

On 1/11/06, John Jolet <john@jolet.net> wrote:
>
> On Wednesday 11 January 2006 14:35, Lares Moreau wrote:
> > On Wed, 2006-01-11 at 14:15 -0600, John Jolet wrote:
> > > I've encountered very weird behavior with ALL flavors of 2005.1 and
> > > 2005.1-r1 install media for amd64.  boots, but then says it can't find
> > > ROOT.  2005.0 works fine, as does x86 2005.1.
> that's all the message says.  it's at the stage where it's looking for the
> cd
> to mount under /newroot.  I didn't edit the fstab, this is the
> livecd...and
> the minimal cd.  I"m assuming it's looking for whatever is set as ROOT= in
> the grub.conf.  dunno.  like I said 2005.0 boots fine.
> >
> > More detail pls.
> > boots from the LiveCD? but cant find ROOT?
> > did you edit /etc/fstab?  the default entry is /dev/ROOT ;)
>
> --
> John Jolet
> Your On-Demand IT Department
> 512-762-0729
> www.jolet.net
> john@jolet.net
> --
> gentoo-user@gentoo.org mailing list
>
> John
do you have a SATA cdrom drive?
Cynyr.

--
if you are tired of virii look at http://fedora.redhat.com/
and for those of you still using AOL's messanger
try out http://gaim.sf.net/... and for photoshop see http://www.gimp.org
use http://www.gimp.org/

[-- Attachment #2: Type: text/html, Size: 1915 bytes --]

Re: [gentoo-user] How to do "account management" across multiple Unix boxes?

[Joshua Schmidlkofer]

[-- Attachment #1: Type: text/plain, Size: 827 bytes --]

IMNSHO NIS is a big fat waste.  I would strongly recommend against. it. =)
It does simplify a number of things, and I honestly have never actually
tried to make the LDAP integration work on BSD.

Kerberos is not an account management tool - it is authentication
management,  I use it all the time, and even in small networks I prefer it
to the 'straight' alternatives.   OpenLDAP + Kerberos is pretty hot.  I use
this for my work network especially, and on my home network I use local
accounts + kerberos.

Gentoo has an LDAP howto here: http://www.gentoo.org/doc/en/ldap-howto.xml

I have a really horrible kerberos howto, but it may become less horrible in
time: http://lateralis.imr-net.com/wiki/jms/Kerberos

Finally, most of where I started with all of this is here:

http://www.ofb.net/~jheiss/krbldap/

[-- Attachment #2: Type: text/html, Size: 1061 bytes --]

Re: [gentoo-user] 2005.1 installs on dual-core amd64

[John Jolet]

>
> do you have a SATA cdrom drive?
> Cynyr.
no. it's ide.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to do "account management" across multiple Unix boxes?

[Alexander Skwar]

Joshua Schmidlkofer schrieb:
> IMNSHO NIS is a big fat waste.  I would strongly recommend against. it.

Why? It's simple to setup and does what the OP wanted.

PS: Please no HTML mails. Please no top posts.

Alexander Skwar
-- 
gentoo-user@gentoo.org mailing list