Thread: Ldap authentication from a wireless connection on a laptop

  1. #1
    scondon NNTP User

    Ldap authentication from a wireless connection on a laptop

    Hi

    I've got Open Suse 10.3 running both on a Server and on a laptop, and I want to share user accounts between the two. Both systems are using LDAP authentication against the LDAP directory on the server - no problems so far - as long as I'm connected through the wired network with the laptop, I can login as the LDAP account through the login screen or at the console.

    I have two problems I am hoping someone can help me with.
    1) When I take my laptop away from the network and bring it home, I can no longer log in as the LDAP user
    2) When I'm using the laptop at work and using the wireless network, I can't log in to my account because I need to authenticate on the wireless network, before it can contact the LDAP server - chicken and egg scenario.

    Is there any sort of caching mechanism which will allow local login to my account on the laptop, while I'm disconnected from the server? I've seen this kind of thing working on Windoze with Active directory. Is there an equivalent setting somewhere in OpenSuSE?

    Sean

  2. #2

    Re: Ldap authentication from a wireless connection on a lapt

    You should be able to modify your /etc/nsswitch.conf file. Find the lines that start with these and use spaces to delimit your auth sources.

    passwd: ldap files
    shadow: ldap files
    group: ldap files

    This will redirect your auths for those 3 to go to ldap first, then local files if ldap is not there. You can use this to login locally on the system if the ldap server times out.

    Robert

  3. #3
    ab@novell.com NNTP User

    Re: Ldap authentication from a wireless connection on a laptop

    Another option for some users is to use Linux User Management (LUM)
    which is a Novell product. eDirectory is required to be the LDAP
    repository but the LUM side (on the workstations/servers) supports
    offline authentication which is nice for these situations. Probably not
    the best fit for you but it makes the updating of your files unnecessary
    with every user change.

    You could also use Novell Identity Manager (IDM) with a Fan-Out driver
    so accounts were pushed from your directory to the individual machines
    so, offline or online, authentication worked.

    Good luck.





    robertivey wrote:
    | You should be able to modify your /etc/nsswitch.conf file. find the
    | lines that start with these and use spaces to delimit your auth
    | sources.
    |
    | passwd: ldap files
    | shadow: ldap files
    | group: ldap files
    |
    | This will redirect your auth's for those 3 to go to ldap first, then
    | local files if ldap is not there. You can use this to login locally on
    | the system if the ldap server times out.
    |
    | Robert
    |
    |

  4. #4
    scondon NNTP User

    Re: Ldap authentication from a wireless connection on a lapt

    Thanks for the replies guys. Much appreciated.

    Robert

    With your suggestion, my understanding is that I would also create a user account of the same name in my local user list on the client. Do you know how this would work with file ownerships and file permissions made when using the local account? Would the local account have a different id (number) than the LDAP one?

    Sean

  5. #5

    Re: Ldap authentication from a wireless connection on a lapt

    I've never actually used that specific scenario, but I believe it would be best to give the local user the same UID/GIDs as on the LDAP server. This would allow that user to use the same home directory and everything when working in detached mode.

  6. #6
    scondon NNTP User

    Re: Ldap authentication from a wireless connection on a lapt

    Hi Robert

    I tried it and it works well. After creating the local account, I went back into the LDAP Client utility in YaST, and connected it to the LDAP Server on my Server. No command line intervention was required.


    It now works seamlessly - when I'm offline and online - so far anyway. When I'm connected and run the #id command it shows me as belonging to both the local groups and the LDAP groups (directors and employees) at the same time.

    i.e.
    scondon@x61:~> id
    uid=1000(scondon) gid=100(users) groups=10(wheel),16(dialout),33(video),100(users),1000(directors),1001(employees)
    scondon@x61:~>

    Thanks for your suggestion.

    Regards, Sean
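
The UID/GID question raised in posts #4 and #5 can be checked mechanically. The following is an added example, not code from any poster in the thread: it reads the lookup order from the nsswitch.conf lines in post #2 and reports accounts whose numeric IDs change once the LDAP server is unreachable. The passwd entries and the account name alice are constructed; scondon's IDs match the id output above.

```python
import re

# Constructed sample data: the nsswitch.conf lines from the thread, plus
# passwd(5)-format entries as each source might return them.
NSSWITCH = "passwd: ldap files\nshadow: ldap files\ngroup: ldap files\n"
LDAP = ("scondon:x:1000:100::/home/scondon:/bin/bash\n"
        "alice:x:1001:100::/home/alice:/bin/bash\n")
FILES = ("root:x:0:0::/root:/bin/bash\n"
         "scondon:x:1000:100::/home/scondon:/bin/bash\n"
         "alice:x:1005:100::/home/alice:/bin/bash\n")

def lookup_order(nsswitch_text, database="passwd"):
    """Source names for one database, ignoring comments and [action] items."""
    for line in nsswitch_text.splitlines():
        line = re.sub(r"\[[^\]]*\]", " ", line.split("#", 1)[0])
        key, _, rest = line.partition(":")
        if key.strip() == database:
            return rest.split()
    return []

def parse_passwd(text):
    """Map login name -> (uid, gid); the first entry for a name wins."""
    entries = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[2].isdigit() and f[3].isdigit():
            entries.setdefault(f[0], (int(f[2]), int(f[3])))
    return entries

def resolve(name, order, sources, reachable):
    """Default NSS behaviour: first reachable source that knows the name wins."""
    for src in order:
        if src in reachable and name in sources.get(src, {}):
            return sources[src][name]
    return None

def offline_drift(order, sources, directory="ldap"):
    """Local names whose (uid, gid) changes once the directory is unreachable."""
    drift = {}
    for name in sorted(sources.get("files", {})):
        online = resolve(name, order, sources, set(order))
        offline = resolve(name, order, sources, set(order) - {directory})
        if offline is not None and online != offline:
            drift[name] = {"online": online, "offline": offline}
    return drift

SOURCES = {"ldap": parse_passwd(LDAP), "files": parse_passwd(FILES)}
ORDER = lookup_order(NSSWITCH)
print(offline_drift(ORDER, SOURCES))
```

An account that appears in the result would own its files under one UID while connected and another while detached, which is the ownership problem asked about in post #4.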
