This page describes the steps for connecting a Linux client to an LDAP domain.
Debian based system
This is a client install for a Debian-based system, to communicate with an LDAP server.
Let's start off by addressing a bug that affects installs.
(bug #51315)
There is a current bug with the LDAP configuration that looks for the group nvram. To correct this problem, create the group nvram on the client machine.
addgroup --system nvram
Next install the required packages
aptitude install libnss-ldap libpam-ldap nscd
- ldap-utils is an optional package (it can be used to query the LDAP database remotely)
- libnss-ldap allows LDAP to be used as a naming service
- libpam-ldap is used to authenticate users to LDAP
- nscd is used to cache lookups so the LDAP server won't be queried every time authentication is made
Once the packages start being unpacked you will see these questions:
- ldap server uniform: this is your IP address / hostname of the LDAP server.
- Distinguished name of the search base of your LDAP domain, for example dc=my,dc=domain
- You'll be asked the version; "Version 3" is best in most cases.
- ldap account for root: enter your root account for the LDAP server with the dc=my,dc=domain
- Enter the root password.
- Configure LIBNSS-LDAP: OK
- On the next screen you'll be asked if you want to make root the DB admin: "yes".
- Does the DB require logging in? Say "No".
- Next, the root login account for LDAP. Typically: cn=manager,dc=my,dc=domain
- Then you'll need to enter the LDAP password for the LDAP account.
Next we need to modify a couple of different files.
Files (/etc/libnss-ldap.conf, /etc/libnss-ldap.secret, /etc/pam_ldap.conf and /etc/pam_ldap.secret)
Should already have been configured during install of the packages; if an error was made, double-check these files
vi /etc/libnss-ldap.conf
(double-check the file)
host ldap
(ensure the LDAP name or IP address is correct)
base dc=debuntu,dc=local
(again, ensure this is set to your specifications from above)
rootbinddn cn=admin,dc=debuntu,dc=local

vi /etc/libnss-ldap.secret
(ensure the password is correct)
XXXXX

vi /etc/pam_ldap.conf
(double-check the file)
host ldap
base dc=debuntu,dc=local
rootbinddn cn=admin,dc=debuntu,dc=local

vi /etc/pam_ldap.secret
(ensure the password is correct)
XXXXX
Will need to be configured
The PAM configuration files need to be modified a bit, like this:

vi /etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so

vi /etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure

vi /etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5

vi /etc/pam.d/common-session
session sufficient pam_ldap.so
session required pam_unix.so

Finally, let's edit nsswitch.conf so the system will be able to switch from local system authentication to LDAP authentication.

vim /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
With everything entered correctly you should have a working LDAP Client
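
A quick audit of the files this guide edits, as an added example that is not part of the original page: it reports secret files readable by anyone but root, pam_unix.so options that weaken password handling, and nsswitch.conf databases that lack the ldap source. The function name, the MIN_LEN threshold and the output format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit the files this guide edits.
# Usage: audit_ldap_client [ROOT]   ROOT defaults to /, or a directory holding a copy.
MIN_LEN=${MIN_LEN:-12}   # assumed policy value, not taken from the page

audit_ldap_client() {
    root=${1:-}; root=${root%/}; findings=0
    # The *.secret files hold the rootbinddn password in cleartext.
    for f in etc/libnss-ldap.secret etc/pam_ldap.secret; do
        [ -e "$root/$f" ] || continue
        mode=$(stat -c '%a' "$root/$f")
        case $mode in 600|400) continue ;; esac
        echo "PERMS /$f: mode $mode, expected 600"
        findings=$((findings + 1))
    done
    # Walk the pam_unix.so lines and report options that weaken password handling.
    for f in etc/pam.d/common-auth etc/pam.d/common-password; do
        [ -r "$root/$f" ] || continue
        while read -r line || [ -n "$line" ]; do
            case $line in \#*) continue ;; *pam_unix.so*) ;; *) continue ;; esac
            set -f   # no globbing while splitting the line into words
            for opt in $line; do
                case $opt in
                    nullok|nullok_secure) msg="blank passwords accepted" ;;
                    md5) msg="new password hashes use MD5-crypt" ;;
                    min=*) [ "${opt#min=}" -lt "$MIN_LEN" ] 2>/dev/null || continue
                           msg="minimum length below policy ($MIN_LEN)" ;;
                    *) continue ;;
                esac
                echo "PAM /$f: $opt: $msg"
                findings=$((findings + 1))
            done
            set +f
        done < "$root/$f"
    done
    # Every database edited in nsswitch.conf must list the ldap source.
    for db in passwd group shadow; do
        grep -Eq "^${db}:.*[[:space:]]ldap([[:space:]]|\$)" "$root/etc/nsswitch.conf" 2>/dev/null && continue
        echo "NSS $db: ldap source missing in /etc/nsswitch.conf"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}
```

The function exits non-zero when anything is reported, so it can gate a provisioning script; nullok_secure is the Debian variant that limits blank passwords to terminals listed in /etc/securetty.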
Fedora Client
The Fedora or Red Hat client is slightly easier.
/usr/bin/authconfig-tui
http://img175.imageshack.us/img175/8835/authap0.jpg
Check the boxes, then click next
http://img501.imageshack.us/img501/7460/auth2va1.jpg
Enter your server DNS name or IP address and your domain name. Click OK and you're done.