Background
I have a home server running Debian, and a workstation that runs various VirtualBox VMs (mostly Linuxen but some Windows).
At the moment, I'm creating my main user account anew for every new Linux VM. I'd like to make use of a centralized user-management scheme instead, so I can just configure the new VMs for the directory technology and let them handle user lookups automatically.
The last time I worked with anything like this, NIS+ was still in fashion. I have a vague notion of what LDAP and Active Directory are, but no knowledge of how to configure them for what I want.
Question
What user-management/network-directory technology should I use for providing user accounts to my network?
- The server must run on Debian Lenny.
- Client configuration should be simple point-at-server-and-go.
- I need an example configuration for one sample user account.
- (nice-to-have) I may want to mount the user's home directory from the server.
- (nice-to-have) The same configuration works with Windows clients.
Best Answer
I tried to do this quite some time ago. OpenLDAP stored my user accounts and automounts, phpldapadmin was used to manage everything.
I can't comment on the current state of phpldapadmin, but at the time I used it, it was pretty basic. What I liked about it, though, was that it had simple templates to create different kinds of LDAP entries (Unix/Samba accounts, automount directories, etc.), so this made my life a lot easier, because at first I had to create those entries manually and they would consist of quite a few fields with non-obvious names. Plus, phpldapadmin allowed me to just mess around in the database if that was needed (and I needed that quite often) and was easy to install.
Whenever I would set up a new machine I had to do three things to get everything working with LDAP:
As I said, it was quite some time ago that I used to use that, so maybe things are different now, or I forgot about some things/recall them wrong. I remember having some sort of script that made everything a little easier, but still the whole thing wasn't really that straightforward.
Still, it worked pretty well, and once you get the hang of it, it'll make things a lot easier if you're using many different machines with lots of users. All your configurations will be done in a central place and you'll instantly have them on every new machine.
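For the sample account the question asks for, here is an added example (not part of the answer above) that turns one `/etc/passwd` line and one `/etc/group` line into the `posixAccount` and `posixGroup` LDIF entries an OpenLDAP server stores. The suffix `dc=example,dc=org`, the `ou=People` and `ou=Group` containers, and the user `alice` are assumptions chosen for illustration.

```python
import base64
import re

BASE_DN = "dc=example,dc=org"                 # assumption: placeholder directory suffix
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")  # keeps DN metacharacters out of the RDN

# Constructed sample input in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = "alice:x:10000:10000:Alice Example,,,:/home/alice:/bin/bash"
SAMPLE_GROUP = "alice:x:10000:"

def attr(name, value):
    """Emit one LDIF line, base64-encoding values RFC 2849 does not allow as plain text."""
    unsafe = (not value.isascii() or value[:1] in (" ", ":", "<")
              or value.endswith(" ") or any(c in value for c in "\r\n\0"))
    if unsafe:
        return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{name}: {value}"

def passwd_to_ldif(line, base_dn=BASE_DN, min_uid=1000):
    """Convert one passwd line to a posixAccount entry; the password field is never copied."""
    name, _pw, uid, gid, gecos, home, shell = line.rstrip("\n").split(":")
    if not NAME_RE.match(name):
        raise ValueError(f"unsafe login name: {name!r}")
    if not (uid.isdigit() and gid.isdigit()) or int(uid) < min_uid:
        raise ValueError(f"not a regular user account: {name}")  # keeps root/system users local
    full_name = gecos.split(",")[0] or name
    lines = [f"dn: uid={name},ou=People,{base_dn}",
             "objectClass: account", "objectClass: posixAccount", "objectClass: shadowAccount",
             attr("uid", name), attr("cn", full_name),
             attr("uidNumber", uid), attr("gidNumber", gid),
             attr("homeDirectory", home), attr("loginShell", shell)]
    return "\n".join(lines) + "\n"

def group_to_ldif(line, base_dn=BASE_DN):
    """Convert one group line to a posixGroup entry with one memberUid per listed member."""
    name, _pw, gid, members = line.rstrip("\n").split(":")
    if not NAME_RE.match(name) or not gid.isdigit():
        raise ValueError(f"unsafe group entry: {name!r}")
    lines = [f"dn: cn={name},ou=Group,{base_dn}", "objectClass: posixGroup",
             attr("cn", name), attr("gidNumber", gid)]
    lines += [attr("memberUid", m) for m in members.split(",") if m]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(passwd_to_ldif(SAMPLE_PASSWD))
    print(group_to_ldif(SAMPLE_GROUP))
```

The output can be loaded with `ldapadd`; the entry deliberately carries no `userPassword`, so the password is set afterwards with `ldappasswd` instead of copying a local hash into the directory.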