linux:arch_ad_backend

Differences

This shows you the differences between two versions of the page.

linux:arch_ad_backend [2014/09/17 15:16]
walter [Kerberos]
linux:arch_ad_backend [2018/06/11 17:25]
bmiddha
Line 1: Line 1:
-FIXME **Kerberos is still used for doing forced password updates at login and password changes, this is currently not working with just nslcd 08/09/12 - walter**+====== Arch AD Auth ====== 
 ====== Packages ====== ====== Packages ======
  
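Review bot: The FIXME removed on the first line recorded that forced password updates at login and password changes still went through Kerberos and were not working with nslcd alone, and the replacement heading drops it without saying whether that was resolved. The system-auth stack added further down this page uses only pam_ldap.so and pam_unix.so, with no pam_krb5.so line, while pam-krb5 stays in the package list. If the problem is fixed, say so on the page; if not, keep the note under the Kerberos section.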
Line 6: Line 7:
 krb5  krb5 
  
-pam-krb5 ​(aur)+pam-krb5 
 ====== Configs ====== ====== Configs ======
  
 ===== Kerberos ===== ===== Kerberos =====
  
-<​file|krb5.conf>​+<file|/etc/krb5.conf>​
 [libdefaults] [libdefaults]
         default_realm = ACM.CS         default_realm = ACM.CS
Line 29: Line 31:
  
 To test run To test run
-<​code>​kinit username,/code>+<​code>​kinit username</code>
  
 ===== LDAP/NSLCD ===== ===== LDAP/NSLCD =====
Line 36: Line 38:
  
 **Make sure nslcd.conf can only be read by root** **Make sure nslcd.conf can only be read by root**
-<​file|nslcd.conf>​+<file|/etc/nslcd.conf>​
 uid nslcd uid nslcd
 gid nslcd gid nslcd
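Review bot: The bold warning above the "/etc/nslcd.conf" block says the file must be readable only by root but gives no owner or mode to set. Now that the block names the full path, add the concrete step next to it (owner root, mode 600) so the requirement can be checked rather than interpreted.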
Line 67: Line 69:
 referrals off referrals off
 idle_timelimit 800 idle_timelimit 800
-filer passwd (&​(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))+filter ​passwd (&​(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(UserAccountControl:​1.2.840.113556.1.4.803:​=2)))
 map passwd uid sAMAccountName map passwd uid sAMAccountName
 map passwd homeDirectory unixHomeDirectory map passwd homeDirectory unixHomeDirectory
 map passwd gecos displayName map passwd gecos displayName
-filter shadow (&​(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))+filter shadow (&​(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(UserAccountControl:​1.2.840.113556.1.4.803:​=2)))
 map shadow uid sAMAccountName map shadow uid sAMAccountName
 map shadow shadowLastChange pwdLastSet map shadow shadowLastChange pwdLastSet
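Review bot: The clause "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))" added to the passwd and shadow filters has no explanation on the page. Add a sentence saying that 1.2.840.113556.1.4.803 is the Active Directory bitwise-AND matching rule and that bit 2 of userAccountControl is ACCOUNTDISABLE, so the filter hides disabled accounts. It is also worth recording that the old passwd line was spelled "filer", so readers who copied the earlier revision know to check whether their passwd filter was ever in effect.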
Line 81: Line 83:
  
 Edit the passwd, shadow, and group lines to this Edit the passwd, shadow, and group lines to this
-<​file|nsswitch.conf>​ +<file|/etc/nsswitch.conf>​ 
-passwd: ​compat ​ldap [NOTFOUND=return] +passwd: ​files ldap [NOTFOUND=return] 
-shadow: ​compat ​ldap [NOTFOUND=return] +shadow: ​files ldap [NOTFOUND=return] 
-group: ​compat ​ldap [NOTFOUND=return]+group: ​files ldap [NOTFOUND=return]
 </​file>​ </​file>​
  
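Review bot: "[NOTFOUND=return]" on the passwd, shadow and group lines sits after "ldap", which is the last source on each line, so it has no effect: the lookup ends there whatever the result. Either drop it or, if the intent is to stop at a particular source, place it directly after that source and say why.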
Line 96: Line 98:
  
 To give admins sudo To give admins sudo
-<​file|sudoers>​+<file|/etc/sudoers.d/​AcmLanAdmins>
 %AcmLanAdmins ALL=(ALL) ALL %AcmLanAdmins ALL=(ALL) ALL
 </​file>​ </​file>​
  
-===== PAM =====+<​file|/​etc/​pam.d/​system-auth>​ 
 +auth      sufficient pam_ldap.so 
 +auth      required ​ pam_unix.so ​    ​try_first_pass nullok 
 +auth      optional ​ pam_permit.so 
 +auth      required ​ pam_env.so
  
-These files are in /etc/pam.d+account ​  ​sufficient pam_ldap.so 
 +account ​  ​required ​ pam_unix.so 
 +account ​  ​optional ​ pam_permit.so 
 +account ​  ​required ​ pam_time.so
  
-FIXME+password ​ sufficient pam_ldap.so 
 +password ​ required ​ pam_unix.so ​    ​try_first_pass nullok sha512 shadow 
 +password ​ optional ​ pam_permit.so
  
 +session ​  ​required ​ pam_limits.so
 +session ​  ​required ​ pam_unix.so
 +session ​  ​optional ​ pam_ldap.so
 +session ​  ​optional ​ pam_permit.so
 +</​file>​
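Review bot: "nullok" on the pam_unix.so lines in the added auth and password stacks lets a local account with an empty password authenticate; drop it unless empty passwords are intended. In the account stack, "sufficient pam_ldap.so" is first, so for a user that pam_ldap accepts the stack returns before pam_unix.so and pam_time.so run, and pam_time.so restrictions never apply to directory users; move pam_time.so above it if they should. The hunk also deletes the "===== PAM =====" heading and the "These files are in /etc/pam.d" line, leaving the system-auth block directly under the sudoers text with no heading of its own.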
linux/arch_ad_backend.txt · Last modified: 2021/05/02 21:36 (external edit)