Ok, it would be easiest with an NIS server for the Linux clients then that server authenticating to the domain - you could create all the users initially using <newusers> on the NIS server, starting with a CSV dump of the NT user database (using <addusers /d filename> on NT). Failing an available NIS server, running the newusers command on a few workstations should not be too much hassle. Try <man newusers> and <man 5 passwd> for more guidance on bulk user creation. -----Original Message----- From: Thomas Adam To: tneale@kingsdown.swindon.sch.uk; 'suse-linux-uk-schools@suse.com '; Chris Puttick Sent: 9/23/03 1:09 PM Subject: RE: [suse-linux-uk-schools] Winbind & Suse --- tneale@kingsdown.swindon.sch.uk wrote:
I had looked at smb_auth but was put off as it seems to require that all users are set up with accounts on the Linux workstations first whereas winbind would create them automatically, the former way seems more time consuming and more difficult to maintain, of course I've never done this before so maybe I'm just
Hmm, how so? It is up to you, being the network administrator to create the accounts, anyhow. This can be automated somewhat using a simple shell script (I won't give an example, as it depends on how your usernames are mapped throughout the school). Or do I miss your point? -- Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
--- Chris Puttick <chris@centralmanclc.com> wrote:
Ok, it would be easiest with an NIS server for the Linux clients then that server authenticating to the domain - you could create all the users initially using <newusers> on the NIS server, starting with a CSV dump of
NIS/YP? Heh, no thank you. I'd avoid that almost as much as authenticating over NFS, Chris. There was a discussion on this list about adding new users from an exported NT list at some lenth. I'd suggest you check the archives -- there were some very innovative suggestions put forward <grin>.
the NT user database (using <addusers /d filename> on NT). Failing an available NIS server, running the newusers command on a few workstations should not be too much hassle.
Try <man newusers> and <man 5 passwd> for more guidance on bulk user creation.
I think you'll find it is "man adduser". And as a nitpick, you don't need to specify the section for "man passwd". The URL for the relevant discussion is here: http://lists.suse.com/archive/suse-linux-uk-schools/2003-Aug/subject.html and you want to read ALL e-mail under the subject of: [suse-linux-uk-schools] addins users to groups....... 500+ HTH, -- Thomas Adam
-----Original Message----- From: Thomas Adam To: tneale@kingsdown.swindon.sch.uk; 'suse-linux-uk-schools@suse.com '; Chris Puttick Sent: 9/23/03 1:09 PM Subject: RE: [suse-linux-uk-schools] Winbind & Suse
--- tneale@kingsdown.swindon.sch.uk wrote:
I had looked at smb_auth but was put off as it seems to require that all users are set up with accounts on the Linux workstations first whereas winbind would create them automatically, the former way seems more time consuming and more difficult to maintain, of course I've never done this before so maybe I'm just
Hmm, how so? It is up to you, being the network administrator to create the accounts, anyhow. This can be automated somewhat using a simple shell script (I won't give an example, as it depends on how your usernames are mapped throughout the school).
Or do I miss your point?
-- Thomas Adam
===== Thomas Adam
"The Linux Weekend Mechanic" -- www.linuxgazette.com
________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
On Wed, 2003-09-24 at 11:16, Thomas Adam wrote:
--- Chris Puttick <chris@centralmanclc.com> wrote:
Ok, it would be easiest with an NIS server for the Linux clients then that server authenticating to the domain - you could create all the users initially using <newusers> on the NIS server, starting with a CSV dump of
NIS/YP? Heh, no thank you. I'd avoid that almost as much as authenticating over NFS, Chris. There was a discussion on this list about adding new users from an exported NT list at some lenth. I'd suggest you check the archives -- there were some very innovative suggestions put forward <grin>.
I would be interested to find out your objections to NIS (on a firewalled network, of course). We are just about to investigate it as the obvious solution to the problem of maintaining (creating, modifying and deleting from) a user database on multiple systems. It is possible to do the same thing with scripts which duplicate all changes on every system, but a single database has to be more elegant and less error-prone.
the NT user database (using <addusers /d filename> on NT). Failing an available NIS server, running the newusers command on a few workstations should not be too much hassle.
Try <man newusers> and <man 5 passwd> for more guidance on bulk user creation.
I think you'll find it is "man adduser". And as a nitpick, you don't need to specify the section for "man passwd".
Adam, I suggest you try these commands. On my standard woody Debian systems they do not do the same thing. <man passwd> gives you the man page for the <passwd> command while <man 5 passwd> give you the page for the format of the passwd file. Also <newusers> is a completely different command from <adduser>. It may not exist on all distros, but it is a very useful way of taking a file of usernames with plaintext passwords laid out in standard passwd format and adding them to the system, or modifying existing users to suit. It doesn't do everything but is a very useful tool for adding or modifying a large number of users. I wouldn't like to be without it. snip ... -- ---------------------------- Giles Nunn - ISP Officer Carms ICT Development Centre +44 1267 228277 ----------------------------
--- Giles Nunn <giles@satproj.org.uk> wrote:
--- Chris Puttick <chris@centralmanclc.com> wrote:
Ok, it would be easiest with an NIS server for the Linux clients
that server authenticating to the domain - you could create all the users initially using <newusers> on the NIS server, starting with a CSV dump of
NIS/YP? Heh, no thank you. I'd avoid that almost as much as authenticating over NFS, Chris. There was a discussion on this list about adding new users from an exported NT list at some lenth. I'd suggest you check
On Wed, 2003-09-24 at 11:16, Thomas Adam wrote: then the
archives -- there were some very innovative suggestions put forward <grin>.
I would be interested to find out your objections to NIS (on a firewalled network, of course). We are just about to investigate it as the obvious solution to the problem of maintaining (creating, modifying and deleting from) a user database on multiple systems.
That is indeed what it is designed for. It's just that I find it very cumbersome in doing it that way. Take for example [..snip..]
Adam, I suggest you try these commands.
Actually, my first name is Thomas, and furthermore, I hold out my hands and apologise for my mistake about the "man" pages. I wasn't thinking before I replied. I did make this correction off list :)
On my standard woody Debian systems they do not do the same thing. <man passwd> gives you the man page for the <passwd> command while <man 5 passwd> give you the page for the format of the passwd file. Also <newusers> is a completely different command from <adduser>.
I agree. I have been using Debian for a long time now, and "addusers" is the bees-knees in terms of adding users, adding users to groups, etc. But as many on this list are running SuSE..... -- Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
On Mon, 2003-09-29 at 17:55, Thomas Adam wrote: snip ...]
Adam, I suggest you try these commands.
Actually, my first name is Thomas, and furthermore, I hold out my hands and apologise for my mistake about the "man" pages. I wasn't thinking before I replied. I did make this correction off list :)
Thomas, I do apologise for such a stupid mistake. The only good thing about it is I have proved how easy it is to post something one does not mean just by not thinking carefully - a good reminder for me to check my mesages _before_ sending in future. -- ---------------------------- Giles Nunn - ISP Officer Carms ICT Development Centre +44 1267 228277 ----------------------------
Hi all, The NT authentication saga continues... I've followed the route of putting the winbind authenication is system-auth... When an account attempts to log in this gets sent to the messages log... Sep 30 14:03:27 bart pam_winbind[16267]: user 'RMNETNT+rwl' granted acces Sep 30 14:03:27 bart gdm-binary[16267]: User RMNETNT+rwl not permitted to gain access at this time The gdm login says... "The system administrator has disabled access to the system temporarily" My system-auth file looks like this... ...................... #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass auth required /lib/security/pam_deny.so account sufficient /lib/security/pam_winbind.so #account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 type= password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so ................. and the gdm file like this... ............................... #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so .................. Any help or suggestions would be greatly appreciated. ===== rgds, Richard Rothwell -------------------------------------------------------------------- Don't teach pigs to sing. It wastes your time and it annoys the pigs. Robert Kiyosaki ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
On 30 Sep 2003 at 14:54, Richard Rothwell wrote:
Sep 30 14:03:27 bart pam_winbind[16267]: user 'RMNETNT+rwl' granted acces
Sep 30 14:03:27 bart gdm-binary[16267]: User RMNETNT+rwl not permitted to gain access at this time
As GDM seem's to be the part having a problem have you tried running it in debug mode to see if the logs become any more helpful? Tim Neale Kingsdown School, Swindon
participants (5)
-
Chris Puttick -
Giles Nunn -
Richard Rothwell -
Thomas Adam -
tneale@kingsdown.swindon.sch.uk