Differences between revisions 2 and 3
Revision 2 as of 2007-05-03 02:31:54
Size: 89
Editor: ?BobBobly
Comment:
Revision 3 as of 2007-05-10 01:49:37
Size: 2682
Editor: ?jssmayne
Comment:
This is a client install for a Debian-based system.

There is a current bug with the LDAP configuration that looks for the group nvram.
To correct this problem, create the group nvram on the client machine.

                  addgroup --system nvram

Next install the required packages

                  aptitude install libnss-ldap libpam-ldap


Once the packages start being unpacked you will see a series of questions:
                  IP address / hostname of the LDAP server, e.g. ldap.my.domain
                  The search base of your LDAP domain, e.g. dc=my,dc=domain
                  You'll be asked the version; "Version 3" is best in most cases.
                  Configure LIBNSS-LDAP: yes
                  On the next screen you'll be asked if you want to make root the DB admin: "yes".
                  Does the DB require logging in: say "No"
                  Next, the root login account for LDAP. Typically: cn=manager,dc=my,dc=domain
                  Then you'll need to enter the LDAP password for the LDAP account

Next we need to modify a couple different files

#vi /etc/libnss-ldap.conf

                  host ldap
                  base dc=debuntu,dc=local
                  rootbinddn cn=admin,dc=debuntu,dc=local

#vi /etc/libnss-ldap.secret

                  XXXXX

#vi /etc/pam_ldap.conf
                  
                  host ldap
                  base dc=debuntu,dc=local
                  rootbinddn cn=admin,dc=debuntu,dc=local

#vi /etc/pam_ldap.secret
                  
                  XXXXX

The PAM configuration files need to be modified as follows:

#vi /etc/pam.d/common-account

                  account sufficient pam_ldap.so
                  account required pam_unix.so

#vi /etc/pam.d/common-auth

                  auth sufficient pam_ldap.so
                  auth required pam_unix.so nullok_secure use_first_pass

#vi /etc/pam.d/common-password

                  password sufficient pam_ldap.so
                  password required pam_unix.so nullok obscure min=4 max=8 md5

#vi /etc/pam.d/common-session

                  session sufficient pam_ldap.so
                  session required pam_unix.so
                  session optional pam_foreground.so

Finally, let's edit nsswitch.conf so the system will be able to switch from local system authentication to LDAP authentication.

# vim /etc/nsswitch.conf

                  passwd: files ldap
                  group: files ldap
                  shadow: files ldap


With everything entered correctly you should have a working LDAP Client :)
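
An added example (not part of the original wiki page): a shell function that audits the files edited above for the settings a reviewer would flag in this setup, namely bind-password files readable by non-root users, no TLS towards the LDAP server, and weak pam_unix password options. The optional root-directory argument and the minimum-length threshold of 8 are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the files this page edits. ROOT (optional first
# argument) is an assumption so the check can run against a copy of /etc.
audit_ldap_client() {
    root="${1:-}"
    report() { echo "FINDING: $1"; }

    # The rootbinddn password files must be readable by root only.
    for f in /etc/libnss-ldap.secret /etc/pam_ldap.secret; do
        [ -f "$root$f" ] || continue
        mode=$(stat -c '%a' "$root$f")   # GNU stat, as shipped on Debian
        case "$mode" in
            600|400) ;;
            *) report "$f has mode $mode, expected 600" ;;
        esac
    done

    # "host ldap" alone means binds and lookups travel unencrypted.
    for f in /etc/libnss-ldap.conf /etc/pam_ldap.conf; do
        [ -f "$root$f" ] || continue
        grep -Eq '^[[:space:]]*(uri[[:space:]]+ldaps://|ssl[[:space:]]+(start_tls|on))' "$root$f" ||
            report "$f: no ldaps:// uri and no 'ssl start_tls' or 'ssl on'"
    done

    # Weak pam_unix options in the local password stack.
    pw="$root/etc/pam.d/common-password"
    if [ -f "$pw" ]; then
        if grep -Eq '^[^#]*pam_unix\.so.*[[:space:]]md5([[:space:]]|$)' "$pw"; then
            report "common-password: pam_unix hashes new passwords with md5"
        fi
        min=$(sed -n 's/^[^#]*pam_unix\.so.*[[:space:]]min=\([0-9][0-9]*\).*/\1/p' "$pw" | head -n 1)
        # The threshold of 8 is this example's assumption, not a value from the page.
        if [ -n "$min" ] && [ "$min" -lt 8 ]; then
            report "common-password: minimum password length is $min"
        fi
    fi
    return 0
}
```

Call `audit_ldap_client` with no argument as root to check the live `/etc`; each problem is printed as one `FINDING:` line, and no output means none of these checks fired.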

Back to Home Page ["BuildingALinuxDomain"]
