Author Topic: Login server for Linux clients  (Read 2098 times)

Mark Ruys

Login server for Linux clients
« on: October 17, 2012, 10:08:05 pm »
I'm investigating whether Zentyal is suitable to replace our current SBS (homebrew based on CentOS, too much hassle to maintain). We are in a mixed PC/Mac/Linux environment (15 employees). For Linux clients, currently we use NFS (home directories), NIS (manage accounts), and Kerberos (authorization).

As I understand, NFS shouldn't be too hard to set up in Zentyal. Also, NIS seems to be outdated by LDAP. So my question boils down to: how difficult is it to set up LDAP/Kerberos in Zentyal so that it can be used for Linux clients?

Thanks, Mark

christian

  • Guest
Re: Login server for Linux clients
« Reply #1 on: October 17, 2012, 10:43:27 pm »
Zentyal LDAP schema already implements RFC2307 (unfortunately not 2307bis) so you can directly set up NSS to rely on LDAP at least for accounts and groups. Kerberos should be quite easy too.
You can also set up PAM_ldap in case you have some applications not supporting Kerberos.

However, if you currently have a NIS domain, there are a couple of things you have to keep in mind:
- RFC2307 instead of RFC2307bis
- only maps for passwd and group are implemented (and shadow  ;) but I strongly discourage reading the userpassword attribute)
- other NIS services are not implemented
- there is no "host" attribute to centrally control which workstations are authorized for whom. (I made a feature request about this last point)
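
Added example, not part of the original posts and not Zentyal code: a sketch of how an RFC2307-only NSS client derives the passwd and group maps mentioned above, showing that group membership comes from `memberUid` only (a 2307bis-style `member` DN yields no members) and that `userPassword` is never read. The LDIF entries, the `dc=example,dc=com` base DN and the function names are constructed assumptions.

```python
# Constructed sample data: two RFC2307 entries and one group that only has a
# 2307bis-style "member" DN. dc=example,dc=com is a placeholder base DN.
SAMPLE_LDIF = """\
dn: uid=mark,ou=Users,dc=example,dc=com
objectClass: posixAccount
uid: mark
uidNumber: 2001
gidNumber: 1901
homeDirectory: /home/mark
loginShell: /bin/bash
userPassword: {SSHA}constructed-not-a-real-hash

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
gidNumber: 1901
memberUid: mark
memberUid: anna

dn: cn=admins,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: admins
gidNumber: 1902
member: uid=mark,ou=Users,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def passwd_map(entries):
    """passwd lines from posixAccount entries; userPassword is never read ('x' placeholder)."""
    return [":".join([e["uid"][0], "x", e["uidnumber"][0], e["gidnumber"][0], "",
                      e["homedirectory"][0], e.get("loginshell", ["/bin/sh"])[0]])
            for e in entries if "posixAccount" in e.get("objectclass", [])]

def group_map(entries):
    """group lines using only memberUid (RFC2307); 'member' DNs (RFC2307bis) are ignored."""
    return [":".join([e["cn"][0], "x", e["gidnumber"][0], ",".join(e.get("memberuid", []))])
            for e in entries if "posixGroup" in e.get("objectclass", [])]

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print("\n".join(passwd_map(entries) + group_map(entries)))
```

Because the password field is always the `x` placeholder, authentication has to go through Kerberos or PAM rather than through a hash exposed in the directory.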

Mark Ruys

Re: Login server for Linux clients
« Reply #2 on: October 17, 2012, 11:37:20 pm »
Sounds good. I can phase out our NIS domain and move on to LDAP via NSS. I'll give Zentyal a try and let you know my findings. Thanks Christian.