UIC ACM

User Tools

Site Tools

Trace: acmswitch2 acmswitch3 freeradius ad_backend

Sidebar

Main Sidebar

linux:ad_backend

This is an old revision of the document!



Table of Contents

ldap to AD/nss

nss gets the user lists from ldap (not passwords though)

install stuff

sudo apt-get update
sudo apt-get install libnss-ldap

configuring

LDAP Server Host Address: ldap://amadeus.acm.cs

distinguished name of the search base: DC=acm,DC=cs

Ldap Version: 3

get root ldap access: no

Dos Ldap require login: yes

Unprivileged database user: apacheacm@acm.cs

Password for database login account: (get this from a sysadmin)

getting the settings

The defaults for any values not listed here should be fine

anything listed here needs to be uncommented or changed

/etc/ldap.conf

# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad


# Disable SASL security layers. This is needed for AD.
sasl_secprops maxssf=0

nssswitch

add “ldap” after passwd, group and shadow

/etc/nssswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

first test

If you everything works correctly up until this point: 

getent passwd

should list all the AD users as well as the system users

kerberos

kerberos handles authentication of users. (passwords)

install stuff

apt-get install krb5-user
apt-get install krb5-config

krb5.conf

/etc/krb5.conf

[libdefaults]
        default_realm = ACM.CS

/etc/krb5.conf

[realms]
        ACM.CS = {
                kdc = amadeus.acm.cs
                kdc = acm-linux.cs-icl.uic.edu
                admin_server = amadeus.acm.cs
        }

linux/ad_backend.1256959394.txt.gz · Last modified: 2021/05/02 21:36 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki