There are some 30 systems (standalone PCs) in my lab and nearly 200 students who will be using it. Each system has an account called USER whose password is 123456, which is known to those 200 people. Hence they access whichever system is free and work for some time. Their usage is logged just by a register book entry. I want to give each user a separate login and password, which is easily achieved by an LDAP server. But I do not want to create 200 user accounts on each PC. I want all 200 people's logins to be mapped onto the USER account itself. They will have the same profile and the same home directory. I just want to log the time and date of individuals' lab usage in a file. Can this be done using LDAP or some other software?
Agree with SLESKE but to expand on his/her comments, you need to do a couple things first!
In Linux, the libraries that control logging in need to be redirected to use an LDAP backend as opposed to looking things up in /etc/passwd.
If you are using OpenLDAP then you will want to look at two things:
NSCD (Name Server Caching Daemon) which caches the LDAP queries. You will run this on each host where users log in.
NSSLDAP (Name Server Switch for LDAP) is the glue that causes logins to query NSCD, which in turn will query the LDAP backend; NSSLDAP will query the LDAP backend directly if NSCD is stale or not available.
So on each workstation you will need to install OpenLDAP, NSCD, and NSSLDAP if they are not part of your distribution. OpenLDAP is required to get the client libraries, which know how to speak the LDAP protocol.
Then you need to make edits to some files:
/etc/nscd.conf: this file controls what gets cached. Here is a dump from one of my systems that acts as a Samba server:
You'll then need to modify your nsswitch.ldap file (read the DOCs on it, too much to go into here).
ONE VERY IMPORTANT THING!!!!
If your LDAP server is down, you want to make sure the local root account can still log in. Or if one of your workstations is having network issues, you'll want to make sure that you can still log in.
So when my Linux boxes boot up, I have a script that always copies an nsswitch.conf file into place that looks as follows:
passwd: compat
group: compat
hosts: files dns
networks: files
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
and once I'm ready to use LDAP for logins, I replace the nsswitch.conf file with the following:
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
The former allows me to log in locally and the latter allows both, but due to caching by NSCD, it takes time for NSCD to get stale, thus causing login delays or issues.
There is much more to be said on this but this hopefully gets you started.
BTW: I'm the developer of Pozix Linux and the Pozix Linux Small Business Server and we have over 400 Samba systems running much this way!
Agreed, TRS80's comments are valid but here is a script we use to create LDIF files from /etc/passwd files. The resulting LDIF file can be used to populate your LDAP database. You'll need to make sure that if you run this script on multiple workstations that you weed out duplicate account names so that you wind up with unique account names with unique UIDs.
If you set the uidNumber and homeDirectory attributes to the same value for every account, things should probably work the way you want.
You don't need to create 200 user accounts on each PC. Linux can fetch all user information from LDAP, so the accounts do not exist locally (i.e. in /etc/passwd). The home directory is then usually on a network drive (NFS or similar).
This is the standard approach. Is there a reason why you are not doing this?
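The suggestion made in the answers above (one LDAP entry per student, all carrying the same uidNumber and homeDirectory, with duplicate names weeded out) is sketched here as an added example; it is not code from any poster in this thread. The base DN, the shared uid/gid 1000, the /home/USER path, the name pattern and the sample roster are all assumptions.

```python
import re

# Assumed values (not from the thread): base DN and the shared account's numbers.
BASE_DN = "ou=People,dc=example,dc=com"
SHARED_UID = 1000            # uidNumber of the existing local USER account
SHARED_GID = 1000
SHARED_HOME = "/home/USER"

# Conservative login-name pattern, so a name can be written into a DN and an
# LDIF line without DN escaping or base64 encoding.
LOGIN_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def build_ldif(logins):
    """Return (ldif_text, rejected) for an iterable of login names."""
    seen, entries, rejected = set(), [], []
    for raw in logins:
        name = raw.strip().lower()      # LDAP matches uid case-insensitively
        if not LOGIN_RE.match(name):
            rejected.append((raw, "invalid name"))
            continue
        if name in seen:                # one entry per person, no duplicates
            rejected.append((raw, "duplicate"))
            continue
        seen.add(name)
        # No userPassword here: set it afterwards (e.g. with ldappasswd) so
        # cleartext passwords never sit in the LDIF file.
        entries.append("\n".join([
            f"dn: uid={name},{BASE_DN}",
            "objectClass: account",
            "objectClass: posixAccount",
            f"cn: {name}",
            f"uid: {name}",
            f"uidNumber: {SHARED_UID}",
            f"gidNumber: {SHARED_GID}",
            f"homeDirectory: {SHARED_HOME}",
            "loginShell: /bin/bash",
        ]))
    return "\n\n".join(entries) + "\n", rejected


if __name__ == "__main__":
    roster = ["alice", "bob", "Alice", "carol smith", "dave"]  # constructed sample
    ldif, rejected = build_ldif(roster)
    print(ldif)
    for raw, why in rejected:
        print(f"# skipped {raw!r}: {why}")
```

Because every entry shares one uidNumber, file ownership and process ownership cannot tell the students apart; the per-person usage record has to come from the login name captured when the student authenticates.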