Loose notes of mine. It's been a while since I set these up. Once done you forget because it just works. I go to slap for LDAP though, so it may be a bit different to a Domain Controller.
Make sure /etc/nsswitch.conf has: passwd: compat ldap group: compat ldap shadow: compat ldap :# apt-get install nscd nslcd libpam-ldap libnss-ldap In the /etc/pam.d/common-* files make sure [type] sufficient pam_ldap.so are in the first line. Edit the /etc/pam_ldap.conf, /etc/pam_ldap.secret as required to connect to the LDAP server. Edit /etc/nscd.conf /etc/nslcd.conf to configure the caches. They can be troublesome if you try and restart services that rely on users and groups. You may need to restart these at those times too. Occasionally my root turns into Administrator because of the ldap UID 0 of Administrator. Restarting nscd usually fixes it, if not blowing out /var/cache/nscd/* will. Define a fuse group in ldap with the student usernames as members. You will want to make the GID the same as the existing Unix one, or you'll have trouble w/ permission issues of the fuse binaries and /dev/fuse. Use #> getent group fuse to verify. When you see the ldap groups/users, you've won. Double check the LTSP servers fuse binaries and /dev/fuse files with -n to verify the GID numbers are the same if you have issues. Cheers, lance On 10/12/2012 4:49 PM, Edgar Kogler wrote: > I'm running LTSP5 on Debian squeeze in a school-network. > As terminals I use some old Compaq Evo Computers, and they work fine. > I managed to activate ldap-authentication on the terminals from our domain > controller. > I want our users to have access to their local media on the terminals. What I > found in the docs is that with LTSP5 the user logging in on the terminal only > has to be member of the group "fuse" to have local media automatically > mounted. Since we use SAMBA and LDAP for the rest of the network I added a > group "fuse" to my LDAP-Server, became a member of it on LDAP plugged my USB > stick to the terminal but it didn't mount automatically. > I understand that the group "fuse" mentioned in the docs is a simple UNIX > group but I can't figure out how to bridge the gap between LDAP and UNIX > groups and membership therein. > It is no option to have all users on any server as UNIX users being members > of "fuse" since we have a large fluctuation of users (~300) every year and I > don't believe that this should be necessary. > > Any help appreciated :-) > > Edgar -- Lance Levsen, Catprint Computing C: 306-230-8783 P: 306-493-2278 PO Box 579 Delisle, SK, S0L 0P0 Canada ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
