Jamie Thompson wrote:
> Nope, the packages only change the /etc files. It's up to you to keep
> the ldap in sync. In practice, these rarely change, but still, I'd
> prefer if they added users/groups/etc via changeable scripts that could
> modify ldap instead....but, well, that itch doesn't warrant a scratch
> yet, at least for me. In my personal case I emptied out the system files
> to only include root as a backup measure...but on the next upgrade they
> all got put back in :) D'oh.

Fair enough. I just wondered if the useradd etc scripts paid attention to the nsswitch config. I may not need to worry (see below about which users to add).

> As I said above, I left root in the local passwd as a backup measure. If
> you have the ordering in nsswitch to consult ldap before files, you
> could even have different passwords for the local root backups for a
> little bit of extra peace of mind (and not needing to keep them in sync
> when you change your master root password regularly), but it probably
> doesn't warrant the hassle. Perhaps best not to have root in ldap at
> all...I only have it there so I can authenticate as root using samba and
> short-circuit the file permissions on occasion.

Well. This machine will end up being a PDC for 2 Windows XP boxes, and should also be the main place for (real) user/pass config for 2 OpenBSD boxes and a Mac OSX box (guessing these 3 via some kind of NIS config).

So - I get the feeling that system users (which may well be different across OS'es) should be left in the /etc config, and only real users added to ldap.

I need to get deeper into the smb config part - where is it defined who is a domain admin, who is an administrator and who is a guest user (for the XP boxes) etc. It may be that I don't need the /etc/group stuff in at all.

The migration scripts seemed able to put _loads_ of stuff in there, hosts, protocols, services etc. I don't think I need any of that for my purposes - so - I'm just going to leave that for the time being.

I was following http://glasnost.beeznest.org/articles/180 but that was last updated in April last year and still says "to be continued".

So - I reckon that I have the ldap server running - with the correct user config - but - now I need to figure the groups, and samba stuff (hosts, printers etc) :)

--
Chris