



====== ldap to AD/nss ======

nss gets the user lists from ldap (not passwords though)

===== install stuff =====

sudo apt-get update
sudo apt-get install libnss-ldap

===== configuring =====

Answers for the libnss-ldap configuration prompts:

  * LDAP Server Host Address: ldaps:ad1.acm.cs ldaps:ad2.acm.cs ldaps:ad3.acm.cs
  * Distinguished name of the search base: DC=acm,DC=cs
  * LDAP version: 3
  * Get root LDAP access: no
  * Does LDAP require login: yes
  * Unprivileged database user: apacheacm@acm.cs
  * Password for database login account: (get this from a sysadmin; sysadmin hint: look in /etc/apache2/sites-enabled/acm.cs.uic.edu-secure on acm)

===== getting the settings =====

The defaults for any values not listed here should be fine; anything listed here needs to be uncommented or changed.

<file|/etc/ldap.conf>
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad

# Disable SASL security layers. This is needed for AD.
sasl_secprops maxssf=0
</file>

===== nsswitch =====

Add "ldap" after passwd, group and shadow.

<file|/etc/nsswitch.conf>
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
</file>

===== first test =====

If everything works correctly up until this point:

  getent passwd

should list all the AD users as well as the system users.

====== kerberos ======

Kerberos handles authentication of users (passwords).

===== install stuff =====

  apt-get install krb5-user
  apt-get install krb5-config
  apt-get install libpam-krb5

===== krb5.conf =====

Make changes to the following 2 sections of /etc/krb5.conf:

<file|/etc/krb5.conf>
[libdefaults]
        default_realm = ACM.CS
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]

[domain_realm]
        acm.cs = ACM.CS
        .acm.cs = ACM.CS

[logging]
#        kdc = CONSOLE
</file>
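The "first test" above only eyeballs getent output. The script below is an added example (not from this wiki page) that checks the three things this page changes: that passwd, group and shadow in nsswitch.conf really list ldap, which accounts getent returns that /etc/passwd does not (those are the ones coming from AD), and that krb5.conf carries the expected default_realm. It runs against constructed sample files; the file names under SAMPLE_DIR are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the wiki): post-setup checks for the nss_ldap +
# krb5 setup described above, run here against constructed sample files.
set -u

# Print 1 if the nsswitch database $2 (passwd/group/shadow) lists "ldap"
# as a source in file $1, else 0.
nss_has_ldap() {
    awk -v db="$2" '$1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
                    END { print found ? 1 : 0 }' "$1"
}

# Print user names present in the getent output $1 but not in passwd file $2,
# i.e. the accounts that NSS resolved through LDAP/AD rather than locally.
ldap_only_users() {
    awk -F: 'NR == FNR { local[$1] = 1; next } !($1 in local) { print $1 }' "$2" "$1"
}

# Print the default_realm from a krb5.conf (empty if not set).
krb5_default_realm() {
    awk -F= '/^[[:space:]]*default_realm[[:space:]]*=/ { gsub(/[[:space:]]/, "", $2); print $2; exit }' "$1"
}

# Constructed sample files; on a real host use /etc/nsswitch.conf,
# /etc/passwd, the output of "getent passwd" and /etc/krb5.conf instead.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd:         files ldap
group:          files ldap
shadow:         files
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
EOF
cat > "$SAMPLE_DIR/getent.out" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:*:10001:10000:Bob:/home/bob:/bin/bash
carol:*:10002:10000:Carol:/home/carol:/bin/bash
EOF
printf '[libdefaults]\n\tdefault_realm = ACM.CS\n\tdns_lookup_kdc = true\n' > "$SAMPLE_DIR/krb5.conf"

for db in passwd group shadow; do
    echo "nsswitch $db uses ldap: $(nss_has_ldap "$SAMPLE_DIR/nsswitch.conf" "$db")"
done
echo "users resolved from LDAP/AD: $(ldap_only_users "$SAMPLE_DIR/getent.out" "$SAMPLE_DIR/passwd" | xargs)"
echo "kerberos default_realm: $(krb5_default_realm "$SAMPLE_DIR/krb5.conf")"
```

The sample nsswitch.conf deliberately leaves ldap off the shadow line, so the shadow check reports 0; that is the mistake the "add ldap after passwd, group and shadow" step guards against.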

linux/ad_backend.1418139969.txt.gz · Last modified: 2021/05/02 21:36 (external edit)