Thanks Luke for further details...<br><br><div class="gmail_quote">On Wed, Sep 15, 2010 at 12:22 PM, theluketaylor <span dir="ltr"><<a href="mailto:ekul.taylor@gmail.com">ekul.taylor@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> David,<br> <br> Hopefully my answers shed some more light<br></blockquote><div>The flashlight continues to shine into corners... <br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <div class="im"><div></div><br> <br> </div>or just have a root terminal open on the test server. Either way<br> works. If you mess up your PAM config in certain ways you won't be<br> able to create new sessions (which also means sudo is out) but<br> existing sessions will work.; You'll be logging in and out to test<br> the config so you need to be sure you have a lifeline in case<br> something goes wrong. Also don't reboot the server until you're sure<br> you can login correctly.<br></blockquote><div>I kind of get this but not sure of details--So I call the session with something like Control-Alt-F2? And it's always in the background as long as I don't reboot the computer?<br> <br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <div class="im"><br></div> While I just use AD to manage memberships it is possible to add AD<br> users to local unix groups. Having never had to do it myself I can`t<br> speak to how easy it would be but I`m not sure you`d be able to use<br> the graphical user and groups gnome tool. I do know the command line<br> addgroup scripts work fine though<br></blockquote><div>I think I'll open a new thread up for this question--it is key. <br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <div class="im"><br> <br> > Does this affect how I setup squid proxy?<br> </div></blockquote><div> </div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Depends on if you use transparent or authenticated mode. We have a<br> school-wide authenticated squid proxy. I have added a global setting<br> to firefox on our edubuntu server (found in /etc/firefox-3.6/default<br> or something like that) to define the proxy server settings so when<br> users open firefox the first time the setting is automatically added.<br> If you use transparent mode you shouldn't have to do anything<br></blockquote><div>I'd like to use authenticated as it leaves an accountability trail for users--Glad this works. <br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <div class="im"><br> > How would this system relate to using Sabayon to managing users gconf<br> > preferences?<br> </div>Integrating AD into PAM means as far as applications are concerned AD<br> users are local unix users. So you can use sabayon just as before,<br> you can even have it use AD groups to choose what settings to apply.<br> I have one profile for an AD group called students_g and one for<br> teachers_g but you could go as fine-grained as you like.<br></blockquote><div>This is why I need groups on my computer--the district doesn't have fine-grain grouping. <br><br><br>I'll dive in to this after I've cleared up about local user accounts.<br> <br><br>David<br><br></div></div><br>