> So the user would have an account on the Linux machine. When they try to
> log in, Red Hat would look to LDAP to check authentication?
The password file wouldn't contain account info, but the user would need his shell and home directory to exist for most services to function correctly.
A user with no home dir could check email against the system (assuming that it runs sendmail and pop), but could not log in to a shell (I think... they might actually get dropped into /).
I normally make servers running LDAP for NSS key-only login for SSH. This way users can authenticate for any service on the machine, except for SSH, which they can only log in to if I create their home dir and install a key there.
> If so, that sounds pretty good, but what about other modules, such as Samba? Since it uses smbpasswd, it would probably not use LDAP. Is that correct?
Samba can be recompiled to use LDAP, in which case you can store the rid, userAttr, ntPassword, and lmPassword attributes in LDAP. Samba then can authenticate against the directory as well. You'd want to install ACLs to prevent users from seeing the ntPassword and lmPassword attributes.
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
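The ACLs mentioned in the reply about Samba, written out as an added example that is not part of the original message: a slapd.conf fragment, assuming the directory server is OpenLDAP and that Samba binds as its own service DN. The suffix dc=example,dc=com and the DN cn=samba,ou=services are placeholders.

```conf
# Added example, not from the original message. Assumes OpenLDAP slapd.conf
# syntax; the suffix and the Samba bind DN below are placeholders.

# Weak: with only a catch-all rule, any client that can search the tree
# can read every attribute, including the Samba hashes.
#access to *
#    by * read

# slapd applies the first "access to" clause that matches the entry and
# attribute, so attribute-specific rules must come before the catch-all.

# Samba password hashes: only the DN Samba binds as may read or update them.
# (Older OpenLDAP releases spell the keyword "attr=" instead of "attrs=".)
access to attrs=lmPassword,ntPassword
    by dn.exact="cn=samba,ou=services,dc=example,dc=com" write
    by * none

# userPassword: usable for bind (auth) but never returned by a search.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else (uid, homeDirectory, loginShell, rid, ...) stays readable
# so NSS lookups keep working.
access to *
    by * read
```

After restarting slapd, a search bound as an ordinary user should return the account entry without the lmPassword or ntPassword attributes.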