Ralf Haferkamp wrote:
> > but I don't know how to setup a proper 'realm' (which is what I keep getting errors about),
>
> When do you get that error? As a result of which command?

---- I'd have to go back and retry some of my experimenting ... But I think I'll try your 1st suggestion and reset everything. But in regards to this:

> > no scripts or make files to move my /etc passwd+shad+group into it;
>
> Yeah, we don't have anything for that on the distro, but usually the available solutions require a lot of manual tweaking anyways.

--- That's almost a bug -- since I've seen more than one mention of scripts that should help moving existing data into a database. I'd really think SuSE 'should' provide something similar, I'm a very small site (only a few machines), but I'd like to get all of the standard /etc/passwd entries and group entries moved into the database.

By far, about 75-85% of my (pw=89 lines, group=106 lines) came from the standard suse file and added packages (which add many). The problem I keep having is trying to keep my 3-4 machines in sync. So UID's and GID's are the same across multiple machines.

As part of my idea of 'security' separation, I am trying to create a separate group (w/ GID==UID) for each UID -- especially for daemons...that way I can add "admins" (me), to their groups so I can more easily mess with their files and not have to SU to root so much (well, it's a 'hope'/desire...:-)). At least I can read their configs and log files even if I have other set to none....

I'm also trying to make sure UID and GID's are equal to better support the Windows "advanced" (*cough*) concept of having only 1 namespace for UID and GID's (SID's). In a way, it yields the advantage of allowing any user to be part of a group associated with any service or daemon or other user for that matter... That and I just want to make sure that if I decide to map all of my Linux id's into a windows space, nothing will collide... :-)...

> > So how do I get stuff into it and get authentication and services?
>
> You can use yast2 ldap-client to setup LDAP authentication (nss and pam).

I have very few *real* users, but as I mentioned, I'd like to get all of the password files and such into ldap. Are the command-line ldap commands compatible with yast2's implementation? If I have to, I suppose I can write some scripts to put things in -- but only if the standard tools work "somehow"... If I can't use the standard tools, maybe I shouldn't use yast2 to setup an ldap server, since I can't be typing in all those entries by hand --- and 99% aren't real users -- I'd hate to think about a larger site trying to add 100's or thousands of users by hand.

BTW, doesn't slapd do 'something' with slpd? Like announce itself or something? or announce 'services? or 'well known names'?

now to go destroy my setup and start over!...oh what fun... (not that anything is working anyway...*sigh*)...

Oh, this is where I got the idea that GSSAPI was deprecated:

/etc/ssh/sshd_config
# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
-------------

I had the impression that the protocol itself was flawed and deprecated -- does the SuSE LDAP use the newer "with-mic" protocol?

-linda
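
The migration and the "GID == UID in one shared number space" scheme discussed in this message, as an added example that is not part of the original thread and is not a SUSE or yast2 tool: it checks passwd/group data for entries that break that scheme and renders RFC 2307 posixAccount/posixGroup LDIF. The base DN, the ou=people and ou=group containers, and the sample passwd/group lines are assumptions constructed for illustration.

```python
BASE_DN = "dc=example,dc=com"   # assumption: placeholder suffix
# Constructed sample data in /etc/passwd and /etc/group format.
PASSWD = """root:x:0:0:root:/root:/bin/bash
named:x:44:44:Name server daemon:/var/lib/named:/bin/false
linda:x:1000:100:Linda:/home/linda:/bin/bash
"""
GROUP = """root:x:0:
named:x:44:linda
users:x:100:
video:x:1000:linda
"""

def parse(text, nfields):
    """Split colon-separated lines, skipping blanks and comments."""
    rows = [l.split(":") for l in text.splitlines()
            if l.strip() and not l.startswith("#")]
    for r in rows:
        if len(r) != nfields:
            raise ValueError(f"malformed line: {':'.join(r)!r}")
    return rows

def namespace_conflicts(passwd, group):
    """List entries that break 'GID == UID in one shared number space'."""
    groups = {int(g[2]): g[0] for g in parse(group, 4)}
    problems = []
    for name, _, uid, gid, *_ in parse(passwd, 7):
        uid, gid = int(uid), int(gid)
        if gid != uid:
            problems.append(f"{name}: primary GID {gid} != UID {uid}")
        owner = groups.get(uid)
        if owner is None:
            problems.append(f"{name}: no group numbered {uid}")
        elif owner != name:
            problems.append(f"{name}: number {uid} belongs to group {owner!r}")
    return problems

def to_ldif(passwd, group):
    """Render RFC 2307 posixAccount/posixGroup entries (no password hashes)."""
    out = []
    for n, _, uid, gid, gecos, home, shell in parse(passwd, 7):
        out.append(f"dn: uid={n},ou=people,{BASE_DN}\nobjectClass: account\n"
                   f"objectClass: posixAccount\nuid: {n}\ncn: {gecos or n}\n"
                   f"uidNumber: {uid}\ngidNumber: {gid}\n"
                   f"homeDirectory: {home}\nloginShell: {shell}\n")
    for n, _, gid, members in parse(group, 4):
        out.append(f"dn: cn={n},ou=group,{BASE_DN}\nobjectClass: posixGroup\n"
                   f"cn: {n}\ngidNumber: {gid}\n" + "".join(
                       f"memberUid: {m}\n" for m in members.split(",") if m))
    return "\n".join(out)

if __name__ == "__main__":
    print("\n".join(namespace_conflicts(PASSWD, GROUP)), to_ldif(PASSWD, GROUP), sep="\n\n")
```

Running the conflict check on every machine's files before loading anything shows which numbers have to be renumbered so the hosts agree.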