Differences between revisions 1 and 18 (spanning 17 versions)
Revision 1 as of 2007-05-03 02:06:42
Size: 35
Editor: ?daveowens
Comment:
Revision 18 as of 2007-05-17 01:44:00
Size: 4482
Editor: ?daveowens
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
Describe LinuxDomainClients here. ''' Back to Home Page ["BuildingALinuxDomain"] '''

This page decribes the steps on connecting a linux client to a ldap domain.

== Debian based system ==

This is a Client install for a Debian based system, to communicate with an LDAP Server.

Lets start off by addressing a bug that effects installs.
== (bug #51315) ==

There is a current bug with the Ldap configuration that looks for the group nvram
to correct this problem create the group nvram on the client machine.
{{{
addgroup --system nvram
}}}
Next install the required packages
{{{
aptitude install libnss-ldap libpam-ldap nscd
}}}
                         ldap-utils is an optional package (it can be used to query the ldap database remotely)
                         libnss-ldap allows ldap to be used as a naming service
                         libpam-ldap is used to authenticate users to ldap
                         nscd is used to cache lookups so the ldap server wont be queried every time authentication is made.

Once the packages start being unpacked you will see these questions:

                  ldap server uniform-----which is yourIP address / hostname of the LDAP server
                  Distinguished name of search base of your LDAP domain. ie: dc=my,dc=domain
                  You'll be asked the version "Version 3" best in most cases.
                  ldap account for root-----enter your root account for ldap server with the dc=my,dc=domain
                  Enter root password
                  Configure LIBNSS-LDAP OK
                  On the next screen you'll be asked if you want to make root the DB admin...... "yes".
                  Does the DB requires logging in, say "No"
                  Next Root login account for LDAP. Typicaly: cn=manager,dc=my,dc=domain
                  Then you'll need to enter the LDAP password for the LDAP account

Next we need to modify a couple different files

== Files(libnss-ldap.conf, libnss-ldap.conf, /etc/libnss-ldap.secret, /etc/pam_ldap.conf and /etc/pam_ldap.secret) ==
== Should already have been configured during install of the packages, if an error was made double check theses files ==

{{{
vi /etc/libnss-ldap.conf
}}}
                                             (double check files)
                  host ldap ------ensure ldap name or IP address is correct
                  base dc=debuntu,dc=local-------again ensure they are set to your specifications from above.
                  rootbinddn cn=admin,dc=debuntu,dc=local
{{{
vi /etc/libnss-ldap.secret
}}}
                  -----------------(ensure password correct)--------------
                  XXXXX
{{{
vi /etc/pam_ldap.conf
}}}
                                    (double check files)
                  host ldap
                  base dc=debuntu,dc=local
                  rootbinddn cn=admin,dc=debuntu,dc=local
{{{
vi /etc/pam_ldap.secret
}}}
                  -----------------(ensure password correct)--------------
                  XXXXX





== Will need to be configured ==

pam configuration files need to be modfied a bit like:

vi /etc/pam.d/common-account
}}}

                  account sufficient pam_ldap.so
                  account required pam_unix.so
{{{
vi /etc/pam.d/common-auth
}}}

                  auth sufficient pam_ldap.so
                  auth required pam_unix.so nullok_secure
{{{
vi /etc/pam.d/common-password
}}}

                  password sufficient pam_ldap.so
                  password required pam_unix.so nullok obscure min=4 max=8 md5
{{{
vi /etc/pam.d/common-session
}}}
                  session sufficient pam_ldap.so
                  session required pam_unix.so
           

Finally, let's edit nsswitch so the system will be able to switch from local system authentication to ldap authentication.

{{{
vim /etc/nsswitch.conf
}}}
                  passwd: files ldap
                  group: files ldap
                  shadow: files ldap


With everything entered correctly you should have a working LDAP Client :)

== Fedora Client ==

The Fedora or redhat client is slightly easier.

{{{
 /usr/bin/authconfig-tui
}}}

http://img175.imageshack.us/img175/8835/authap0.jpg

Check the boxes, then click next

http://img501.imageshack.us/img501/7460/auth2va1.jpg

Enter your server DNS name or IP address and your domain name. Click ok and your done.

Back to Home Page ["BuildingALinuxDomain"]

This page decribes the steps on connecting a linux client to a ldap domain.

Debian based system

This is a Client install for a Debian based system, to communicate with an LDAP Server.

Lets start off by addressing a bug that effects installs.

(bug #51315)

There is a current bug with the Ldap configuration that looks for the group nvram to correct this problem create the group nvram on the client machine.

addgroup --system nvram

Next install the required packages

aptitude install libnss-ldap libpam-ldap nscd
  • ldap-utils is an optional package (it can be used to query the ldap database remotely) libnss-ldap allows ldap to be used as a naming service libpam-ldap is used to authenticate users to ldap nscd is used to cache lookups so the ldap server wont be queried every time authentication is made.

Once the packages start being unpacked you will see these questions:

  • ldap server uniform


which is yourIP address / hostname of the LDAP server

  • Distinguished name of search base of your LDAP domain. ie: dc=my,dc=domain You'll be asked the version "Version 3" best in most cases.

    ldap account for root


enter your root account for ldap server with the dc=my,dc=domain

  • Enter root password Configure LIBNSS-LDAP OK On the next screen you'll be asked if you want to make root the DB admin...... "yes". Does the DB requires logging in, say "No" Next Root login account for LDAP. Typicaly: cn=manager,dc=my,dc=domain Then you'll need to enter the LDAP password for the LDAP account

Next we need to modify a couple different files

Files(libnss-ldap.conf, libnss-ldap.conf, /etc/libnss-ldap.secret, /etc/pam_ldap.conf and /etc/pam_ldap.secret)

== Should already have been configured during install of the packages, if an error was made double check theses files ==

vi /etc/libnss-ldap.conf
  • (double check files)
  • host ldap


ensure ldap name or IP address is correct

  • base dc=debuntu,dc=local


again ensure they are set to your specifications from above.

  • rootbinddn cn=admin,dc=debuntu,dc=local

vi /etc/libnss-ldap.secret

(ensure password correct)--


  • XXXXX

vi /etc/pam_ldap.conf
  • (double check files)
  • host ldap base dc=debuntu,dc=local rootbinddn cn=admin,dc=debuntu,dc=local

vi /etc/pam_ldap.secret

(ensure password correct)--


  • XXXXX

Will need to be configured

pam configuration files need to be modfied a bit like:

vi /etc/pam.d/common-account }}}

  • account sufficient pam_ldap.so account required pam_unix.so

vi /etc/pam.d/common-auth
  • auth sufficient pam_ldap.so auth required pam_unix.so nullok_secure

vi /etc/pam.d/common-password
  • password sufficient pam_ldap.so password required pam_unix.so nullok obscure min=4 max=8 md5

vi /etc/pam.d/common-session
  • session sufficient pam_ldap.so session required pam_unix.so

Finally, let's edit nsswitch so the system will be able to switch from local system authentication to ldap authentication.

vim /etc/nsswitch.conf
  • passwd: files ldap group: files ldap shadow: files ldap

With everything entered correctly you should have a working LDAP Client :)

Fedora Client

The Fedora or redhat client is slightly easier.

 /usr/bin/authconfig-tui

http://img175.imageshack.us/img175/8835/authap0.jpg

Check the boxes, then click next

http://img501.imageshack.us/img501/7460/auth2va1.jpg

Enter your server DNS name or IP address and your domain name. Click ok and your done.