Author: Rowland Penny
Date:
To: dng
Subject: Re: [DNG] Request for comments - training room
On Sat, 1 Dec 2018 21:49:41 +0000
Simon Hobson <linux@???> wrote:

> g4sra <g4sra@???> wrote:
>
> >> How is the Linux server going to authenticate users,
> >> via /etc/passwd or other ?
> >>
> >> A lot depends on this, also the number of users will have a factor
> >> as well.
>
> > Which network authentication method would you suggest ?
>
> I think what Rowland was getting at here is the number of users and
> how they are dealt with makes a huge difference.
>
> At one extreme, you have 28 seats, each one of them has a user such
> as "user1", and you can simply use /etc/passwd & /etc/shadow to
> manage that single user on each seat. You could probably build one
> software image and simply image all 28 machines with that one image.


This would entail running Samba as a workgroup and, once you get past
about 10 machines, it gets unwieldy: you have to create the exact same
users on every machine you want them to connect to and keep their
passwords in sync. This can rapidly become a nightmare; this applies
if you decide to go with NFS instead.

>
> At the other extreme, every person has their own login and can use
> any seat at any time (and there are hundreds or even thousands of
> them) so that progress/results can be logged for each person. In this
> case, you will really need a centralised user management such as
> Rowland described using Samba & AD. You could still image each machine
> from one common image - but you'll need to do some post-imaging setup
> to give each machine a unique set of identifiers etc for the AD to
> work properly.


If you run Samba as an AD DC and join the clients to this, you only
have to create the users & groups once and the password is only stored
in one place, the DC. You just need to use PAM to create the user's home
dir the first time they log onto a computer. It basically boils down to
doing the hard work once and then maintaining the domain on the DC.

Rowland