linux:ad_backend

This is an old revision of the document!




ldap to AD/nss

nss gets the user lists from ldap (not passwords though)

install stuff

sudo apt-get update
sudo apt-get install libnss-ldap

configuring

LDAP Server Host Address: ldap://amadeus.acm.cs

now ldap://dvorak.acm.cs

distinguished name of the search base: DC=acm,DC=cs

Ldap Version: 3

get root ldap access: no

Does Ldap require login: yes

Unprivileged database user: apacheacm@acm.cs

Password for database login account: (get this from a sysadmin) (sysadmin hint: look in /etc/apache2/acm.cs.uic.edu-secure on acm)

getting the settings

The defaults for any values not listed here should be fine

anything listed here needs to be uncommented or changed

/etc/ldap.conf

# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad


# Disable SASL security layers. This is needed for AD.
sasl_secprops maxssf=0

nsswitch

add “ldap” after passwd, group and shadow

/etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

first test

If everything works correctly up to this point:

getent passwd 

should list all the AD users as well as the system users
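If getent passwd does not show the AD users, the two files edited above are the first thing to check. The script below is an added example, not part of the original page: the function names are hypothetical, the settings it looks for are the ones listed above, and the sample files it builds are constructed for the demo.

```shell
#!/bin/sh
# Added example: report which of the settings from this page are not in effect.
# Each function takes the path of the file to check as $1.

# Print each of passwd/group/shadow whose nsswitch.conf line lacks "ldap".
nss_missing_ldap() {
    for db in passwd group shadow; do
        # Sources after "db:", up to any comment, blanks squeezed to one space
        srcs=$(sed -n "s/^[[:space:]]*$db:\([^#]*\).*/\1/p" "$1" | head -n 1 | tr -s '[:space:]' ' ')
        case " $srcs " in
            *" ldap "*) ;;
            *) echo "$db" ;;
        esac
    done
}

# Print each ldap.conf setting from the page that is absent or commented out.
ldapconf_missing() {
    # Normalise: drop comments, squeeze blanks, trim both ends of every line
    norm=$(sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' "$1")
    while read -r want; do
        printf '%s\n' "$norm" | grep -Fxq -- "$want" || echo "$want"
    done <<'EOF'
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
sasl_secprops maxssf=0
EOF
}

# Constructed sample files (not from a real host) so the script runs stand-alone
demo=$(mktemp -d)
printf 'passwd: compat ldap\ngroup:\tcompat ldap\nshadow: compat\n' > "$demo/nsswitch.conf"
printf '#nss_map_attribute uid sAMAccountName\npam_password   ad\n sasl_secprops maxssf=0\n' > "$demo/ldap.conf"
echo "nsswitch.conf databases without ldap:"; nss_missing_ldap "$demo/nsswitch.conf"
echo "ldap.conf settings missing or commented out:"; ldapconf_missing "$demo/ldap.conf"
rm -rf "$demo"
```

On a real host, call the two functions with /etc/nsswitch.conf and /etc/ldap.conf instead of the sample files; empty output from both means every setting listed on this page is active.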

kerberos

kerberos handles authentication of users (passwords).

install stuff

sudo apt-get install krb5-user
sudo apt-get install krb5-config

krb5.conf

make changes to the following 2 sections of /etc/krb5.conf

/etc/krb5.conf

[libdefaults]
        default_realm = ACM.CS

/etc/krb5.conf

[realms]
        ACM.CS = {
                kdc = amadeus.acm.cs
                kdc = acm-linux.cs-icl.uic.edu
                admin_server = amadeus.acm.cs
        }

linux/ad_backend.1271445681.txt.gz · Last modified: 2021/05/02 21:36 (external edit)