
This page describes the steps for connecting a Linux client to an LDAP domain.

For a Debian or Fedora based system

This is a client install for a Debian-based system that communicates with an LDAP server.

Let's start off by addressing a bug that affects installs.

(bug #51315)

There is a current bug with the LDAP configuration that looks for the group nvram. To correct this problem, create the group nvram on the client machine.

addgroup --system nvram (Kubuntu) or addgroup --system kvm (Debian)

Next install the required packages

aptitude install libnss-ldap libpam-ldap nscd

Once the packages start being unpacked, you will be asked these questions:

The IP address / hostname of your LDAP server

Enter your root account for the LDAP server, with the dc=my,dc=domain

Next we need to modify a few different files.

Files (libnss-ldap.conf, /etc/libnss-ldap.secret, /etc/pam_ldap.conf and /etc/pam_ldap.secret)

== These files should have already been configured during the default installation of the packages. If an error occurs, double-check these files. ==

vi /etc/libnss-ldap.conf

Ensure the LDAP name or IP address is correct.

Again, ensure that these files specify the LDAP name and the localhost name from above.

vi /etc/libnss-ldap.secret

(ensure the password is correct)

vi /etc/pam_ldap.conf

vi /etc/pam_ldap.secret

(ensure the password is correct)

These configuration files need to be configured to create sufficient password authentication access

The PAM configuration files need to be modified a bit, like:

vi /etc/pam.d/common-account

vi /etc/pam.d/common-auth

vi /etc/pam.d/common-password

vi /etc/pam.d/common-session

Finally, let's edit the nsswitch configuration file so that the system will be able to switch from local system authentication to LDAP authentication.

vim /etc/nsswitch.conf

With everything entered correctly you should have a working LDAP Client :)
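
A post-install check for the Debian client steps above, as an added example that is not part of the original page: it verifies that /etc/nsswitch.conf lists ldap as a source and that the two .secret files, which hold the bind password in clear text, are not accessible to group or other. The function names, the passwd/group/shadow set and the sample tree are assumptions made for this example.

```shell
#!/bin/bash
# Added example: sanity checks for the client files this page edits.

# nss_uses_ldap FILE DB: succeed if DB lists "ldap" as a source in FILE
# (nsswitch.conf format: "database: source [source ...]").
nss_uses_ldap() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }      # drop comments, split "db:src"
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# secret_is_private FILE: succeed if FILE exists and grants no permission
# bits to group or other (characters 5-10 of the ls mode string).
secret_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# check_ldap_client ROOT: run every check against ROOT/etc, print one line
# per check, return non-zero if any failed. ROOT="" checks the live system.
check_ldap_client() {
    rc=0
    for db in passwd group shadow; do           # assumed set of databases
        if nss_uses_ldap "$1/etc/nsswitch.conf" "$db"; then echo "ok   nsswitch $db"
        else echo "FAIL nsswitch $db has no ldap source"; rc=1; fi
    done
    for f in libnss-ldap.secret pam_ldap.secret; do
        if secret_is_private "$1/etc/$f"; then echo "ok   $f"
        else echo "FAIL $f missing or accessible to group/other"; rc=1; fi
    done
    return $rc
}

# Constructed sample tree (not taken from a real host).
DEMO=$(mktemp -d) && mkdir "$DEMO/etc"
printf '%s\n' '# constructed sample' 'passwd: files ldap' 'group:files ldap' \
    'shadow: files   # ldap not enabled here' 'hosts: files dns' > "$DEMO/etc/nsswitch.conf"
printf 'constructed-placeholder\n' > "$DEMO/etc/libnss-ldap.secret"
printf 'constructed-placeholder\n' > "$DEMO/etc/pam_ldap.secret"
chmod 600 "$DEMO/etc/libnss-ldap.secret"; chmod 644 "$DEMO/etc/pam_ldap.secret"
check_ldap_client "$DEMO" || true
```

On a real client, run `check_ldap_client ""` as root so the .secret files can be inspected.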

Fedora Client

The Fedora or Red Hat client is slightly easier.


Check the boxes, then click next

Enter your server DNS name or IP address and your domain name. Click OK and you're done.