On Fri, 2011-08-05 at 14:18 +0200, Lars Müller wrote:
On Fri, Aug 05, 2011 at 01:30:10PM +0200, Roger Oberholtzer wrote: [ 8< ]
One example usage: After logging in to AD, can I have access to my home directory no matter where I am? Obviously I can set this sort of thing up in Linux with a linux login. But what can be done with an AD login? Remember that I can log in to a Linux machine via AD without a previous account on that machine. It is created on-the-fly. How can I get the AD login to make available the user's home directory as defined in the AD? I do not know that AD calls it a home directory. But there is usually a common storage area defined for each user.
pam_mount
But how do I find/specify, in the context of pam_mount, the name of the place to mount that was stored in the AD info? (Related to mu 'dumb question' below.)
Another example (veering off thread topic- I think...): Our business as a whole uses Windows and AD. Except for those in my group who use openSUSE. The things that I see that are interesting are perhaps not really related to AD. But, I cannot know that as I do not use AD. For example, when a Windows user logs in, it is determined (1) which printers they are authorized to use and (2) their default printer queue is set to access the one closest to their location. This works company-wide as one zips about with their laptop. Printouts seem to pop out of the printer just down the corridor. No matter in which corridor you find yourself. Is this location service in any way related to AD.
It is. It's done via a mix of LDAP, DNS, and group policy settings. And here starts the painfull part of the integration. With Samba and winbind we're only retrieve/ pull the information and store it locally - in a ini file IIRC. This information needs to get parsed and passed to the applications. This is the missing link.
Interesting. What INI file?
What I have in mind since quite some time is to identify the top five settings we like to get and somehow store in a local config file. The first attempt/ approach doesn't need to be perfect.
I like the sound of that. Here is probably a dumb question: Since I have been authenticated against the AD, what command on Linux could I type to see what information is available in the AD? That is, how can I explore this information? Presumably since one is already authenticated via AD it should be possible to access it with existing information? Yours sincerely, Roger Oberholtzer OPQ Systems / Ramböll RST Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org