Differences between revisions 4 and 5
Revision 4 as of 2007-05-10 01:52:54
Size: 2687
Editor: ?jssmayne
Comment:
Revision 5 as of 2007-05-17 00:35:33
Size: 4152
Editor: ?jssmayne
Comment:
Line 3: Line 3:
This is a Client install for a Debian based system. ===Debian based system===

This is a Client install for a Debian based system, to communicate with an LDAP Server.

Lets start off by addressing a bug that effects installs.
===(bug #51315)===
Line 7: Line 12:
{{{
                  addgroup --system nvram
}}}
Next install the required packages
{{{
                  aptitude install libnss-ldap libpam-ldap nscd
}}}
                         ldap-utils is an optional package (it can be used to query the ldap database remotely)
                         libnss-ldap allows ldap to be used as a naming service
                         libpam-ldap is used to authenticate users to ldap
                         nscd is used to cache lookups so the ldap server wont be queried every time authentication is made.
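Review bot: in the package notes added under the aptitude line, ldap-utils is described as optional, but the command above installs only libnss-ldap libpam-ldap nscd, so a reader who wants it has nothing to type. Either give it its own install line marked optional or state in the note that it has to be installed separately. The four descriptions should also be list items rather than indented text, so each package stays on its own line.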
Line 8: Line 24:
                  addgroup --system nvram Once the packages start being unpacked you will see these questions:
Line 10: Line 26:
Next install the required packages

aptitude install libnss-ldap libpam-ldap nscd


Onc
e the packages start being unpacked you will see a questions:
                  
IP address / hostname of the LDAP server. ie:ldap.my.domain
                  The search base of your LDAP domain. ie: dc=my,dc=domain
                  ldap server uniform-----which is yourIP address / hostname of the LDAP server
                  Distinguished name of search base of your LDAP domain. ie: dc=my,dc=domain
Line 19: Line 29:
                  Configure LIBNSS-LDAP yes                   ldap account for root-----enter your root account for ldap server with the dc=my,dc=domain
                  Enter root password
                  Configure LIBNSS-LDAP OK
Line 27: Line 39:
==Files(libnss-ldap.conf, libnss-ldap.conf, /etc/libnss-ldap.secret, /etc/pam_ldap.conf and /etc/pam_ldap.secret)==
==Should already have been configured during install of the packages, if an error was made double check theses files==

{{{
Line 28: Line 44:
}}}
                                             (double check files)
                  host ldap ------ensure ldap name or IP address is correct
                  base dc=debuntu,dc=local-------again ensure they are set to your specifications from above.
                  rootbinddn cn=admin,dc=debuntu,dc=local
{{{
#vi /etc/libnss-ldap.secret
}}}
                  -----------------(ensure password correct)--------------
                  XXXXX
{{{
#vi /etc/pam_ldap.conf
}}}
                                    (double check files)
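Review bot: the lines added for /etc/libnss-ldap.secret say only to ensure the password is correct. That file holds the rootbinddn password as plain text (the XXXXX line), so the step should also tell the reader to confirm that only root can read it. The "(double check files)" line after #vi /etc/pam_ldap.conf would be clearer if it named the directives to compare (host, base, rootbinddn), as the libnss-ldap lines above it do.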
Line 32: Line 61:

#vi /etc/libnss-ldap.secret

                  XXXXX

#vi /etc/pam_ldap.conf
                  
                  host ldap
                  base dc=debuntu,dc=local
                  rootbinddn cn=admin,dc=debuntu,dc=local
{{{
Line 44: Line 63:
                   }}}
                  -----------------(ensure password correct)--------------
Line 49: Line 69:


==Will need to be configured==

Line 50: Line 75:
}}}
Line 53: Line 79:
{{{
Line 55: Line 81:
}}}
Line 58: Line 85:
{{{
Line 60: Line 87:
}}}
Line 63: Line 91:
{{{
Line 65: Line 93:
}}}
Line 72: Line 100:
{{{
Line 73: Line 102:
}}}
Line 79: Line 108:
With everything entered correctly you should have a working LDAP Client :) ==With everything entered correctly you should have a working LDAP Client :)==


===Debian based system===

This is a client install for a Debian-based system, to communicate with an LDAP server.

Let's start off by addressing a bug that affects installs.

===(bug #51315)===

There is a current bug with the LDAP configuration that looks for the group nvram. To correct this problem, create the group nvram on the client machine.

{{{
addgroup --system nvram
}}}

Next, install the required packages:

{{{
aptitude install libnss-ldap libpam-ldap nscd
}}}

  • ldap-utils is an optional package (it can be used to query the LDAP database remotely).
  • libnss-ldap allows LDAP to be used as a naming service.
  • libpam-ldap is used to authenticate users to LDAP.
  • nscd is used to cache lookups so the LDAP server won't be queried every time authentication is made.

Once the packages start being unpacked you will see these questions:

  • ldap server uniform: this is your IP address / hostname of the LDAP server.
  • Distinguished name of search base of your LDAP domain, e.g. dc=my,dc=domain
  • You'll be asked the version; "Version 3" is best in most cases.
  • ldap account for root: enter your root account for the LDAP server with the dc=my,dc=domain
  • Enter root password
  • Configure LIBNSS-LDAP: OK
  • On the next screen you'll be asked if you want to make root the DB admin: "yes".
  • Does the DB require logging in? Say "No".
  • Next, the root login account for LDAP. Typically: cn=manager,dc=my,dc=domain
  • Then you'll need to enter the LDAP password for the LDAP account.

Next we need to modify a couple different files

==Files (/etc/libnss-ldap.conf, /etc/libnss-ldap.secret, /etc/pam_ldap.conf and /etc/pam_ldap.secret)==

==Should already have been configured during install of the packages; if an error was made, double check these files==

{{{
#vi /etc/libnss-ldap.conf
}}}

(double check files)

  • host ldap (ensure the LDAP name or IP address is correct)
  • base dc=debuntu,dc=local (again, ensure this is set to your specifications from above)
  • rootbinddn cn=admin,dc=debuntu,dc=local

{{{
#vi /etc/libnss-ldap.secret
}}}

(ensure password correct)

  • XXXXX

{{{
#vi /etc/pam_ldap.conf
}}}

(double check files)

  • host ldap
  • base dc=debuntu,dc=local
  • rootbinddn cn=admin,dc=debuntu,dc=local

{{{
#vi /etc/pam_ldap.secret
}}}

(ensure password correct)

  • XXXXX

The PAM configuration files need to be modified a bit, like this:

==Will need to be configured==

{{{
#vi /etc/pam.d/common-account
}}}

  • account sufficient pam_ldap.so
  • account required pam_unix.so

{{{
#vi /etc/pam.d/common-auth
}}}

  • auth sufficient pam_ldap.so
  • auth required pam_unix.so nullok_secure use_first_pass

{{{
#vi /etc/pam.d/common-password
}}}

  • password sufficient pam_ldap.so
  • password required pam_unix.so nullok obscure min=4 max=8 md5

{{{
#vi /etc/pam.d/common-session
}}}

  • session sufficient pam_ldap.so
  • session required pam_unix.so
  • session optional pam_foreground.so

Finally, let's edit nsswitch so the system will be able to switch from local system authentication to ldap authentication.

{{{
# vim /etc/nsswitch.conf
}}}

  • passwd: files ldap
  • group: files ldap
  • shadow: files ldap

==With everything entered correctly you should have a working LDAP Client :)==
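
One way to double check the files edited above, as an added example that is not part of the original wiki page: a shell audit that compares host, base and rootbinddn between the NSS and PAM files, checks the nsswitch.conf entries, and checks the two .secret files. The function names (conf_value, audit_ldap_client, make_sample_root) are hypothetical, the owner-only permission check is an assumption added here rather than a step from the page, and the sample tree is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example: audit the files this page edits under a root directory.
# Prints one line per finding; the return status is the number of findings.

conf_value() {  # conf_value FILE KEY -> value of that directive
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

audit_ldap_client() {  # audit_ldap_client ROOT
    root=$1; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # 1. The .secret files hold the bind password in cleartext: they must
    #    exist and grant nothing to group or other (added assumption).
    for f in libnss-ldap.secret pam_ldap.secret; do
        p="$root/etc/$f"
        if [ ! -f "$p" ]; then note "$f is missing"
        elif [ "$(ls -ld "$p" | cut -c5-10)" != "------" ]; then
            note "$f is accessible beyond its owner"
        fi
    done
    # 2. NSS and PAM must agree on server, search base and bind DN.
    for key in host base rootbinddn; do
        a=$(conf_value "$root/etc/libnss-ldap.conf" "$key")
        b=$(conf_value "$root/etc/pam_ldap.conf" "$key")
        [ -n "$a" ] && [ "$a" = "$b" ] || note "$key unset or different: '$a' vs '$b'"
    done
    # 3. nsswitch.conf must read "files ldap" for each database.
    for db in passwd group shadow; do
        grep -Eq "^$db:[[:space:]]*files[[:space:]]+ldap([[:space:]]|\$)" \
            "$root/etc/nsswitch.conf" || note "nsswitch.conf: $db is not 'files ldap'"
    done
    return "$findings"
}

# Constructed sample tree holding the values shown on this page.
make_sample_root() {
    d=$(mktemp -d) && mkdir "$d/etc" || return 1
    for f in libnss-ldap.conf pam_ldap.conf; do
        printf 'host ldap\nbase dc=debuntu,dc=local\nrootbinddn cn=admin,dc=debuntu,dc=local\n' \
            > "$d/etc/$f"
    done
    for f in libnss-ldap.secret pam_ldap.secret; do
        ( umask 077; echo XXXXX > "$d/etc/$f" )
    done
    printf 'passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n' > "$d/etc/nsswitch.conf"
    echo "$d"
}

sample=$(make_sample_root) && audit_ldap_client "$sample" && echo "no findings"
```

Passing an empty string as ROOT (`audit_ldap_client ""`) runs the same checks against the live /etc; run it as root so every file can be read.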