Back to Home Page Samba/BuildingALinuxDomain

This page decribes the steps on connecting a linux client to a ldap domain.

For a Debian or Fedora based system

This is a Client install for a Debian based system, to communicate with an LDAP Server.

Lets start off by addressing a bug that effects installs.

(bug #51315)

There is a current bug with the Ldap configuration that looks for the group nvram to correct this problem create the group nvram on the client machine.

addgroup --system nvram(kubuntu) or addgroup --system kvm(debian)

Next install the required packages

aptitude install libnss-ldap libpam-ldap nscd

Once the packages start being unpacked you will see these questions:


which is your IP address / hostname of the LDAP server


enter your root account for ldap server with the dc=my,dc=domain

Next we need to modify a couple different files

Files(libnss-ldap.conf, libnss-ldap.conf, /etc/libnss-ldap.secret, /etc/pam_ldap.conf and /etc/pam_ldap.secret)

== These files should have already been configured during the default installation of the packages, if an error occurs double check these files ==

vi /etc/libnss-ldap.conf

ensure ldap name or IP address is correct


again ensure that these files are set to specify the LDAP name and the Localhost name from above.

vi /etc/libnss-ldap.secret

(ensure password correct)--


vi /etc/pam_ldap.conf

vi /etc/pam_ldap.secret

(ensure password correct)--


These configuration files need to be configured to create sufficient password authentication access

pam configuration files need to be modfied a bit like:

vi /etc/pam.d/common-account }}}

vi /etc/pam.d/common-auth

vi /etc/pam.d/common-password

vi /etc/pam.d/common-session

Finally, let's edit nsswitch configuration file so that the system will be able to switch from local system authentication to ldap authentication.

vim /etc/nsswitch.conf

With everything entered correctly you should have a working LDAP Client :)

Fedora Client

The Fedora or redhat client is slightly easier.

 /usr/bin/authconfig-tui

http://img175.imageshack.us/img175/8835/authap0.jpg

Check the boxes, then click next

http://img501.imageshack.us/img501/7460/auth2va1.jpg

Enter your server DNS name or IP address and your domain name. Click ok and your done.