READ ONLY FORUM: m23 :: makes software distribution easy The m23 discussion forum
jetcowbob
Joined: 16 May 2004 Posts: 3
|
Posted: Sun May 16, 2004 0:38 Post subject: User Management |
|
|
It would be really cool to be able to manage groups of users across the clients as well. Things to consider:
- Server on which clients' home directories would be located
- Methods with which to mount user home directories across the network.
- Which groups of computers the user would be able to log in to (probably all of them initially for simplicity)
- Being able to take a text file of users to automatically add them to the system, create their accounts and put them in the appropriate groups.
- Being able to interface with existing databases of people to create accounts automatically....
You get the idea. This would be a very good thing to have for m23 though.
... Any seconds to that? |
|
|
|
Hauke
Joined: 02 Mar 2003 Posts: 1072
|
Posted: Sun May 16, 2004 13:38 Post subject: |
|
|
Quote: |
would be really cool to be able to manage groups of users across the clients as well. Things to consider:
- Server on which clients' home directories would be located
- Methods with which to mount user home directories across the network.
- Which groups of computers the user would be able to log in to (probably all of them initially for simplicity)
- Being able to take a text file of users to automatically add them to the system, create their accounts and put them in the appropriate groups.
- Being able to interface with existing databases of people to create accounts automatically....
|
It sounds to me as if you would like to mount home directories located on the server via NFS into the clients. Am I right?
This should be no big problem if the same home directories are always mounted on the same client. If you want to log in from any client and get the home directory that belongs to your user name, it is more difficult. There has to be an additional database like LDAP or NIS for user management. I've never tried it, but I heard about it. Can this be used to make your idea real? If somebody knows more about it, post it here, please.
It should be possible to install an LDAP or NIS and NFS daemon on the m23 server and integrate an interface for managing these options in the m23 administration interface.
_________________
Hauke Goos-Habermann
- project leader m23 (http://m23.sf.net) -
Jabber: dodgerm23@jabber.org
Training, development and support for m23 and other open source products: www.goos-habermann.de
YOU too can do something against software patents! www.patentfrei.de |
|
|
|
jetcowbob
Joined: 16 May 2004 Posts: 3
|
Posted: Mon Jun 21, 2004 17:09 Post subject: LDAP/Kerberos & AFS are the key. |
|
|
Quote: | It sounds to me as if you would like to mount home directories located on the server via NFS into the clients. Am I right? |
This is exactly what we would like to do. We actually currently have a system doing this; however, we don't have the extraordinary functionality of m23.
Quote: | This should be no big problem if the same home directories are always mounted on the same client. If you want to log in from any client and get the home directory that belongs to your user name, it is more difficult. There has to be an additional database like LDAP or NIS for user management. I've never tried it, but I heard about it. Can this be used to make your idea real? |
We are currently using NIS to have distributed home directories. NIS or LDAP would make the task easier either way if there were a user management module in the system. It would be even nicer to be able to specify which systems users have privileges on, and how much. LDAP would be a better way to do this as it is more secure when integrated with Kerberos for authentication.
Quote: | If somebody knows more about it, post it here, please.
It should be possible to install an LDAP or NIS and NFS daemon on the m23 server and integrate an interface for managing these options in the m23 administration interface. |
Yes, I would really like to see more of this. I have some bash scripts currently that I use for creating user accounts etc., but I would not be able to integrate this with the m23 system very well. Currently I would have to write the scripts, and then on the server, ssh/scp all of the settings to all of the computers and set up an AFS or NFS system that way. AFS actually has lower bandwidth stress on a network and is more desirable. I don't know enough about the innards of m23 to really hack it much though, nor do I have the time, unfortunately. I would be willing to work with other developers though to get this feature integrated.
This would be a functionality, however, that would fill a gap in usability that current Windows admins already have. It would be cool to see m23 come up with it and surpass the functionality gap while leaving the gap in the Windows world. |
|
|
|
Hauke
Joined: 02 Mar 2003 Posts: 1072
|
Posted: Tue Jun 22, 2004 18:29 Post subject: |
|
|
Quote: | I have some bash scripts currently that I use for creating user accounts etc., but I would not be able to integrate this with the m23 system very well. |
It would be nice, if you can post these scripts or send them to me (hauke@pc-kiel.de).
I will have a look at them and see what would be the best way to implement this functionality in m23. |
|
|
|
jetcowbob
Joined: 16 May 2004 Posts: 3
|
Posted: Tue Aug 10, 2004 15:19 Post subject: Scripts |
|
|
The scripts are nothing fancy...
I need to write a new script soon in order to remove groups of users as well, however, here is what I have for batch adding....
Code: |
#!/bin/bash
# Feed in a comma-separated list of users on stdin, one per line, in the format
# User ID,Password,Default Group,Name
echo 'This reads comma separated lines of User information and builds'
echo 'an account. NOTE!! must have all fields ,, represents empty field'
echo 'Format: User ID, Password, Default Group, Name'
A=(01 02 03 04 05 06 07 08 1 2 3 4 5 6) # suffixes of the home directory servers
I=0
# temp collects user:password pairs in plain text for chpasswd, so make it
# readable by the owner only
touch temp
chmod 600 temp
while IFS=, read -r UD PW DG NM; do # reads user parameters
    #read test uncomment echo line to check format of input it deliberately
    #reorders the list to lastname first
    SV=linux${A[$I]} #Assigns server for this user
    echo "${NM}, UID: $UD PW: $PW"
    #create directory
    passwd -S "$UD" && continue #If user already exists skip acct creation
    echo Creating new account
    mkdir "/mdex/$SV/home/$UD"
    #add directory to the auto.home so useradd can mount
    echo "$UD -fstype=nfs,hard,intr $SV:/export/home/$UD" >> /etc/auto.home
    sleep 3; (cd /var/yp && make) #empirical delay to let changes register
    #create user
    echo "$UD:$PW" >> temp
    echo "Creating User $UD..."
    useradd -g "$DG" -G students,audio,cdrom,users,floppy,video -c "$NM" "$UD"
    # echo $PW|passwd --stdin $UD
    echo "$NM :: $UD :: $DG :: $SV" >> "$DG.list"
    #change owner back to user
    chown "$UD:" "/mdex/$SV/home/$UD"
    I=$(( (I + 1) % ${#A[@]} )) # indexes the server name, wrapping at the end of the list
done
(cd /var/yp && make) #run yp make one last time to get everything updated
cat temp
chpasswd < temp #set all passwords in one batch
#rm -Rf temp
mv temp users.created
sleep 5
(cd /var/yp && make) #run yp make one last time to get everything updated
|
It should be noted that this system uses an NFS mount system to distribute user home directories across multiple systems. This script is run from a server set up with /mdex/ . as having access to all of the machines in the lab. Personally, I don't particularly care for the NFS system, nor do I like the idea of the home directories being spread out so much as it creates a LOT of traffic on the network... This is primarily because user storage quotas are not in place so that VMWARE images can be used.... I am probably going to change this so that one machine has the images and that user quotas are set to 10MB unless more space is needed. I have another script below for editing things in the lab with SSH..... To use it you need to have an SSH key in ~/.ssh/. Because of the NFS, it will be on whatever computer you log into.
Code: |
#!/bin/bash
#This script allows the same action to be performed for each linux computer
#the doservers and doworksta are subsets of this command.
#
#examples ./doall.sh "cp -fv /md/linux1/etc/ftpaccess /md/" "/etc"
#
# copies ftpaccess to all machines the first string prefixes the machine name
# the second string suffixes the machine name
# you can leave out the second string
#
#examples: ./doall.sh "ls /md/" ./doall.sh "ls /mdex/" ./doall.sh "ls /mdbt/"
#
#simply automounts and displays the root directory or the export dir in
# the second case or the boot directories in the third.
if [ $# -lt 1 ]; then
    echo "usage: $0 \"command prefix\" [\"command suffix\"]" >&2
    exit 1
fi
for i in 1 2 3 4 5 6 01 02 03 04 05 06 07 08 004 005 006 007 008 009
do
    # echo -e "\nlinux$i\n"
    # $1 and $2 stay unquoted on purpose: the shell splits them into the
    # command words, with the machine name inserted between them
    ${1}linux$i$2
done
|
This script allows me to do a lot of things, however, it is mainly used for restarting services en masse across the network, doing updates etc with doall.sh "ssh " " apt-get update" etc.... |
|
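The batch-add script in the post above passes each input field straight into a directory path, an `/etc/auto.home` map line and `chpasswd` input. As an added example (not part of the original posts or of m23), the following script checks a batch file in the same comma-separated format before any account is created; the function names, the naming pattern, the length limit and the sample records are assumptions made for this example.

```bash
#!/bin/bash
# Pre-flight checks for a "User ID,Password,Default Group,Name" batch file.
# Naming rules and the 31-character limit are assumptions for this example.
LC_ALL=C; export LC_ALL   # make [a-z] and [:cntrl:] byte-exact

is_name() {   # conservative account/group name
    [ "${#1}" -le 31 ] || return 1
    case $1 in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
}

has_ctl() {   # true if the string contains a control character
    [ "$(printf '%s' "$1" | tr -d '[:cntrl:]')" != "$1" ]
}

# validate_record UD PW DG NM: prints "ok" or the reason for rejection.
validate_record() {
    # UD becomes a path component, an automounter map key and a chpasswd key.
    is_name "$1" || { echo "bad user id"; return 1; }
    # chpasswd reads one "user:password" pair per line.
    if [ -z "$2" ] || has_ctl "$2"; then echo "bad password"; return 1; fi
    is_name "$3" || { echo "bad group"; return 1; }
    # NM is stored in the colon-delimited passwd comment field.
    case $4 in ''|*:*) echo "bad name"; return 1 ;; esac
    if has_ctl "$4"; then echo "bad name"; return 1; fi
    echo ok
}

# check_batch: reads records on stdin, reports each rejected line and returns
# non-zero if any record is invalid or a user ID occurs twice.
check_batch() {
    local ud pw dg nm reason n=0 bad=0 seen=' '
    while IFS=, read -r ud pw dg nm; do
        n=$((n + 1))
        reason=$(validate_record "$ud" "$pw" "$dg" "$nm") || true
        if [ "$reason" = ok ]; then
            case $seen in *" $ud "*) reason="duplicate user id" ;; esac
        fi
        if [ "$reason" = ok ]; then seen="$seen$ud "
        else echo "line $n: $reason"; bad=$((bad + 1)); fi
    done
    [ "$bad" -eq 0 ]
}
# Constructed sample: line 2 has a path-like ID, line 3 no group, line 4 a repeat.
sample_batch() {
    printf '%s\n' 'alice,S3cret!x,students,Example Alice' \
        '../../etc,pw12345,students,Mallory' 'bob,pw12345,,Example Bob' \
        'alice,other-pw,students,Example Alice'
}
sample_batch | check_batch || echo "batch rejected, nothing created"
```

Running the check over the whole file first means a bad record stops the batch before `useradd`, the automounter map or the NIS maps have been touched.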