Gentoo Forums
LDAP? SSH? How to logon to network?
zx2c4
Developer


Joined: 09 Jun 2005
Posts: 177

Posted: Sun Apr 09, 2006 1:00 am    Post subject: LDAP? SSH? How to logon to network?

My school uses Macs. They run Mac OS X Server. At each computer in the computer lab, each student is able to logon using their username and password to their "own desktop" because each computer is authenticated remotely and their home folder is a remote mount. All programs run locally.

At studentserver.myschool.org, they run an appletalk file share server, perhaps another sort of file sharing server, and an ssh server, all of which I can logon to using my username. At queenbee.myschool.org, the school runs an ldap server which is used for authentication on each of the computer lab computers. Logged in as administrator, I looked at the directory services program to obtain ldap information. They connect to the queenbee server and use the base of dn=..... Also part of this string is cn=config and it is set up to get all details "from server". All user name entries have the normal objectType=posixAccount in addition to some unique apple attributes.

One of the attributes is homeFolder. For me, this is located at /Network/studentserver.myschool.org/Volumes/Hive/myUserName. Logged onto my account using a mac, in addition to my home folder being present as I have all my settings unique to me, I can type cd ~ in terminal and get my homefolder, which is mapped to this path. I can also cd /Network/studentserver.myschool.org and peek around. My authentication to this server is based on my username and the group that I'm in (which was authenticated by ldap before), so it is safe to conclude that studentserver.myschool.org also logs into this ldap server and authenticates me using normal credentials.

I installed Linux on one of the G5 towers. How can I set the computer up such that users are able to login to it using their username and password and have their home folder be their server share? OpenLDAP? SSH? AFP? I have tried openldap and I have been unable to get that to work (ldapsearch -x 'uid=myusername' works but I can't get system wide authentication working).

If I did get OpenLDAP to work, what about the home folder? The homeFolder attribute ldap mentions refers to a specific place already existent on the mac computer (/Networks/studentserver.myschool.org), so perhaps the equivalent would be to have /Networks/studentserver.myschool.org in /etc/fstab and mounted.

The next question, however, is how can I have this mount like a normal device directory which uses normal authentication? I have tried specifying nfs as a fs type, but this does not work. Perhaps I can utilize the existence of an ssh server running? What about afp? But then I have to be careful that it uses the normal system wide authentication mechanism (that authenticates my access to local folders, for instance) and not a logon of its own.

And on top of that, even after getting OpenLDAP to authenticate system wide, how will it know to make the homefolder based on the homeFolder attribute?

Or perhaps there's another way to do this, completely through ssh, but that's doubtful. Any ideas?
Giengaron
n00b


Joined: 14 Sep 2004
Posts: 26
Location: Boston, MA

Posted: Wed Apr 12, 2006 9:08 am    Post subject:

I am afraid I don't have your answers directly, but it's been a few days since you posted so I thought I would at least pass on my thoughts about your questions and goals.

To start to get the network login from ldap working you will need to install the pam module for ldap authentication and write boot scripts to set up the environment, mount shares and create a reasonable setup.

You may not want to have the linux system use the same home folder as the Macs. It would make more sense to keep this separate because linux applications create lots of preference data. I would link / alias folders like my documents into the linux environment.

There's no guarantee that, even after a good deal of configuration and a little bit of development, you can get this system working with linux since there may be proprietary Apple components that are not based on open standards for which documentation is unavailable. For example, while ldap directory service is a standard, the data that is stored in it can differ from system to system and so it's possible that, for example, the encryption of passwords in the ldap server is not compatible with what is expected by the pam ldap module.
You might consult a forum for apple networks, or ask apple if it's possible to configure a linux client for the network. Also looking for how to set up a windows machine may give you some clues and it's more likely supported.

:idea: You also may have an easy alternative depending on your goals. :D It's fairly easy to install x windows and run applications written for linux and gtk, on mac osX and there's nothing shoddy about the mac's mach kernel. You can even use a limited portage on mac osX. This way you get network access from macOS and can also use the great base of opensource software in windows along side of your mac applications.
http://www.gentoo.org/proj/en/gentoo-alt/macos/
Since this project looks like it is pre-alpha and a bit stalled (ie installerless) you might also check out the Fink project.
http://fink.sourceforge.net/

After trying that on one workstation you could try to figure out how to map a common gnu-root from the server and share it to all the workstations so that it's maintainable in one location.
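Added example, not part of either post and not taken from the school's setup: a minimal nss_ldap/pam_ldap client configuration for the system-wide LDAP login discussed in this thread. The search base, the CA certificate path, the availability of StartTLS on the server and the use of `homeFolder` as the home directory source are assumptions; the server name is the one given in the first post.

```conf
# ---- /etc/ldap.conf (read by both nss_ldap and pam_ldap) ----
# LDAP server named in the first post
uri ldap://queenbee.myschool.org/
# PLACEHOLDER: replace with the real search base shown in Directory Access
base dc=example,dc=org
ldap_version 3
# Only entries of this object class may authenticate
pam_filter objectclass=posixAccount
# Same attribute the working "ldapsearch -x 'uid=...'" test matched on
pam_login_attribute uid
# Assumption: take the home directory from the homeFolder attribute described
# in the first post. Drop this line if the entries carry a usable homeDirectory.
nss_map_attribute homeDirectory homeFolder
# pam_ldap binds with the user's own password, so the connection must be
# encrypted and the server certificate verified.
# Assumption: the server offers StartTLS; the CA path below is hypothetical.
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/school-ca.pem

# ---- /etc/nsswitch.conf ----
# Look up users and groups locally first, then in LDAP
passwd: files ldap
shadow: files ldap
group:  files ldap

# ---- /etc/pam.d/system-auth (relevant lines only) ----
# Local accounts are tried first; LDAP reuses the password already typed
auth     required    pam_env.so
auth     sufficient  pam_unix.so likeauth
auth     sufficient  pam_ldap.so use_first_pass
auth     required    pam_deny.so
account  sufficient  pam_ldap.so
account  required    pam_unix.so
session  required    pam_unix.so
session  optional    pam_ldap.so
```

Once `getent passwd myusername` returns the LDAP entry, the NSS half is working and PAM can be tested separately. Mounting the share at the path stored in `homeFolder` is a separate step that this configuration does not cover.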