[K12OSN] ltsp client authentication with separate k12ltsp and smb/ldap box

David Trask dtrask at vcs.u52.k12.me.us
Thu Jan 13 04:04:56 UTC 2005


Steve I'm beginning to wonder if something is being firewalled on the
server.  When I set up mine I turn off all firewalling since my machine is
not at all directly exposed to the outside world and I find it easier to
turn it all off and then selectively add things back on if need be.  Try
turning off all security and see if that makes a difference.  If you
haven't added any users to the K12LTSP server (you shouldn't) and you can
log in with Samba and ssh as "art"....then I'm thinking it's got to be
something simple that simply preventing your entry.  Having reinstalled my
Samba/LDAP server back in November due to a stupid error (no data loss at
all)....I can say if the how to is followed it simply works.  Chuck Leibow
also just posted a comment "it should just work".  Matt is scripting based
on the how-to....my preliminary tests show all is OK, but I have yet to
authconfig another Linux box and log in against it....will try
tomorrow....if I'm successful...then it's probably because of
firewall....I never turn on the firewall when doing a Fedora install for
testing....I disable it.  Just an idea.


"Support list for opensource software in schools." <k12osn at redhat.com> on
Wednesday, January 12, 2005 at 7:01 PM +0000 wrote:
>On Wed, 2005-01-12 at 15:18, Steve Kossakoski wrote:
>
>> We could ssh into the K12LTSP server as "art".
>> We COULD NOT log into a K12LTSP client as "art".
>
>Are you talking about the graphic gdm login box on the client?
>That should really be coming from the k12ltsp server and should
>accept the same logins as ssh to the server.  Or are you trying
>to log into a local shell on the client on a virtual console
>or through ssh to the client?
>
>> If I create a regular Unix user on the K12LTSP server that user can log
>> into an LTSP client without a problem (and that's how root is able to
>> log into a k12ltsp client).
>
>If you use SMB authentication you can check the password but not get
>account information - that is you need an entry for the user in
>the local /etc/passwd file but you don't have to match the password
>there.  You may have the same effect with LDAP if it is not configured
>exactly right.  



David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask at vcs.u52.k12.me.us
(207)923-3100




More information about the K12OSN mailing list