PDA

View Full Version : [ubuntu] Network Manager and LDAP Authentication



jlsheehan
November 17th, 2009, 11:33 AM
Does anyone know how to make Karmic Network Manager and LDAP authentication work well together?

The problem is I have set up a nice LDAP authentication network but GDM can't authenticate because Network Manager does not bring up the interface until after login.

I can put the settings in /etc/network/interfaces directly but then Network Manager will no longer control the interface or give any indication of its status...

Any insight much appreciated.

Jeff

larseko
November 30th, 2009, 08:53 AM
I'm another network administrator wondering about this...

jlsheehan
December 1st, 2009, 05:48 AM
I have done a little more research, I think that network connections made "Available to all users" should be started during boot.

I will try this out and post back.

Jeff

jlsheehan
December 5th, 2009, 02:19 PM
I tried it out and creating a connection that is "Available to all users" is definitely the way to go.

This connection is started at boot time and you can do LDAP auth.

Jeff

larseko
December 7th, 2009, 10:11 AM
Thanks. Unfortunately, the networkmanager is no longer able to authenticate (thru policykit) while I have ldap set up anyway, so I'm not able to test it without removing every ldap configuration at the moment. But I was pretty sure this didn't work, as I've tried it in previous versions of ubuntu. If it works now, that's great.

A thread about my authentication issues which I have to resolv...:

http://ubuntuforums.org/showthread.php?t=1341871

larseko
December 9th, 2009, 09:30 AM
Strange, my wireless connections that are set to be "available to all users" aren't brought up during boot.

jlsheehan: The connection you made was a wireless one, right?

larseko
December 9th, 2009, 11:08 AM
Well, actually, it works. I was perhaps just too quick, trying to logon before the network connection had settled.

However, as a sysadmin, there's a slight problem with the network manager approach: by default, it let's the users fiddle with their network settings. This could be an advantage in some circumstances, for instance when the user has moved the PC while logged on, and lost connection. The disadvantage is obvious: the users are able to screw up their profile's network setting.

So... how do you ensure that any changes to the network by the user aren't saved? If they have access to write at all... Since the terminals are set up with NFS home directories and LDAP authentication, I don't want them to accidentally change network.