linux:ad_backend
Differences
This shows you the differences between two versions of the page.
|
linux:ad_backend [2009/10/31 03:23] hef |
linux:ad_backend [2021/05/02 21:36] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== ldap to AD/nss ====== | ||
| - | nss gets the user lists from ldap (not passwords though) | ||
| - | ===== install stuff ===== | ||
| - | |||
| - | sudo apt-get update | ||
| - | sudo apt-get install libnss-ldap | ||
| - | |||
| - | ===== configuring ===== | ||
| - | |||
| - | |||
| - | LDAP Server Host Address: | ||
| - | ldap://amadeus.acm.cs | ||
| - | |||
| - | distinguished name of the search base: | ||
| - | DC=acm,DC=cs | ||
| - | |||
| - | Ldap Version: | ||
| - | 3 | ||
| - | |||
| - | get root ldap access: no | ||
| - | |||
| - | Dos Ldap require login: yes | ||
| - | |||
| - | Unprivileged database user: apacheacm@acm.cs | ||
| - | |||
| - | Password for database login account: (get this from a sysadmin) | ||
| - | |||
| - | ===== getting the settings ===== | ||
| - | The defaults for any values not listed here should be fine | ||
| - | |||
| - | anything listed here needs to be uncommented or changed | ||
| - | |||
| - | <file|/etc/ldap.conf> | ||
| - | # RFC 2307 (AD) mappings | ||
| - | nss_map_objectclass posixAccount user | ||
| - | nss_map_objectclass shadowAccount user | ||
| - | nss_map_attribute uid sAMAccountName | ||
| - | nss_map_attribute homeDirectory unixHomeDirectory | ||
| - | nss_map_attribute shadowLastChange pwdLastSet | ||
| - | nss_map_objectclass posixGroup group | ||
| - | nss_map_attribute uniqueMember member | ||
| - | pam_login_attribute sAMAccountName | ||
| - | pam_filter objectclass=User | ||
| - | pam_password ad | ||
| - | |||
| - | |||
| - | # Disable SASL security layers. This is needed for AD. | ||
| - | sasl_secprops maxssf=0 | ||
| - | </file> | ||
| - | ===== nssswitch ===== | ||
| - | add "ldap" after passwd, group and shadow | ||
| - | <file|/etc/nssswitch.conf> | ||
| - | # /etc/nsswitch.conf | ||
| - | # | ||
| - | # Example configuration of GNU Name Service Switch functionality. | ||
| - | # If you have the `glibc-doc-reference' and `info' packages installed, try: | ||
| - | # `info libc "Name Service Switch"' for information about this file. | ||
| - | |||
| - | passwd: compat ldap | ||
| - | group: compat ldap | ||
| - | shadow: compat ldap | ||
| - | |||
| - | hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 | ||
| - | networks: files | ||
| - | |||
| - | protocols: db files | ||
| - | services: db files | ||
| - | ethers: db files | ||
| - | rpc: db files | ||
| - | |||
| - | netgroup: nis | ||
| - | |||
| - | </file> | ||
| - | |||
| - | ===== first test ===== | ||
| - | |||
| - | If you everything works correctly up until this point: | ||
| - | |||
| - | getent passwd | ||
| - | should list all the AD users as well as the system users | ||
| - | ====== kerberos ====== | ||
| - | kerberos handles authentication of users. (passwords) | ||
| - | ===== install stuff ===== | ||
| - | apt-get install krb5-user | ||
| - | apt-get install krb5-config | ||
| - | |||
| - | ===== krb5.conf ===== | ||
| - | make changes to the following 2 sections of /etc/krb5.conf | ||
| - | <file|/etc/krb5.conf> | ||
| - | [libdefaults] | ||
| - | default_realm = ACM.CS | ||
| - | </file> | ||
| - | <file|/etc/krb5.conf> | ||
| - | [realms] | ||
| - | ACM.CS = { | ||
| - | kdc = amadeus.acm.cs | ||
| - | kdc = acm-linux.cs-icl.uic.edu | ||
| - | admin_server = amadeus.acm.cs | ||
| - | } | ||
| - | |||
| - | </file> | ||
linux/ad_backend.txt ยท Last modified: 2021/05/02 21:36 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
