linux:arch_ad_backend

Differences

This shows you the differences between two versions of the page.

linux:arch_ad_backend [2014/11/18 16:01]
walter [Packages]
linux:arch_ad_backend [2021/05/02 21:36] (current)
Line 1: Line 1:
 +====== Arch AD Auth ======
 +
 ====== Packages ====== ====== Packages ======
  
-nss-pam-ldapd +<​code>​pacman -S nss-pam-ldapd krb5 pam-krb5</​code>​
- +
-krb5  +
- +
-pam-krb5 ​(aur) +
- +
-acm-pam (acm repo)+
  
-acm-admin-sudoers (acm repo) 
 ====== Configs ====== ====== Configs ======
  
 ===== Kerberos ===== ===== Kerberos =====
  
-<​file|krb5.conf>​+<file|/etc/krb5.conf>​
 [libdefaults] [libdefaults]
         default_realm = ACM.CS         default_realm = ACM.CS
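
Review bot: In the new Packages line, `pacman -S nss-pam-ldapd krb5 pam-krb5` installs pam-krb5 from the repositories, but the list it replaces marked that package as (aur). pacman does not install AUR packages, so if pam-krb5 is still AUR-only this command fails part-way; say where the package comes from now. The same change drops acm-pam and acm-admin-sudoers (acm repo) without comment. Add a sentence saying that the sudoers.d and system-auth files shown further down this revision replace them, if that is the intent, so readers with the old packages installed know to remove them.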
Line 39: Line 34:
  
 **Make sure nslcd.conf can only be read by root** **Make sure nslcd.conf can only be read by root**
-<​file|nslcd.conf>​+<file|/etc/nslcd.conf>​
 uid nslcd uid nslcd
 gid nslcd gid nslcd
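
Review bot: The bold warning above `<file|/etc/nslcd.conf>` states a permission requirement but gives no command, and the block that follows opens with `uid nslcd` / `gid nslcd`, which a reader can easily take as the ownership the file should have. Now that the full path is shown, spell the step out next to the warning, for example `chown root:root /etc/nslcd.conf` followed by `chmod 600 /etc/nslcd.conf`, and say why it matters (the rest of the file is not visible in this diff; if it holds a bind password, that is the reason to state).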
Line 70: Line 65:
 referrals off referrals off
 idle_timelimit 800 idle_timelimit 800
-filer passwd (&​(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))+filter ​passwd (&​(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(UserAccountControl:​1.2.840.113556.1.4.803:​=2)))
 map passwd uid sAMAccountName map passwd uid sAMAccountName
 map passwd homeDirectory unixHomeDirectory map passwd homeDirectory unixHomeDirectory
 map passwd gecos displayName map passwd gecos displayName
-filter shadow (&​(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))+filter shadow (&​(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(UserAccountControl:​1.2.840.113556.1.4.803:​=2)))
 map shadow uid sAMAccountName map shadow uid sAMAccountName
 map shadow shadowLastChange pwdLastSet map shadow shadowLastChange pwdLastSet
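
Review bot: The clause `(!(UserAccountControl:1.2.840.113556.1.4.803:=2))` added to the passwd and shadow filters is not explained anywhere in the visible text. Add one sentence above the file block saying that 1.2.840.113556.1.4.803 is Active Directory's bitwise-AND matching rule and 2 is the ACCOUNTDISABLE flag, so the clause removes disabled accounts from NSS lookups. It is also worth stating that this covers disabled accounts only, not locked-out or expired ones. The `filer` to `filter` correction on the passwd line is a functional fix as well as a spelling one, since `filer` is not an nslcd.conf option; the edit summary should mention it.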
Line 84: Line 79:
  
 Edit the passwd, shadow, and group lines to this Edit the passwd, shadow, and group lines to this
-<​file|nsswitch.conf>​ +<file|/etc/nsswitch.conf>​ 
-passwd: ​compat ​ldap [NOTFOUND=return] +passwd: ​files ldap [NOTFOUND=return] 
-shadow: ​compat ​ldap [NOTFOUND=return] +shadow: ​files ldap [NOTFOUND=return] 
-group: ​compat ​ldap [NOTFOUND=return]+group: ​files ldap [NOTFOUND=return]
 </​file>​ </​file>​
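
Review bot: Changing `compat` to `files` on the passwd, shadow and group lines drops support for `+`/`-` entries in the local files, so the instruction above the block should tell readers to check /etc/passwd, /etc/shadow and /etc/group for such entries before making the edit. Separately, `[NOTFOUND=return]` sits after `ldap`, the last source on each line, so there is no later source for it to skip and it has no effect as written; either remove it or explain what it is meant to guard against.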
  
Line 99: Line 94:
  
 To give admins sudo To give admins sudo
-<​file|sudoers>​+<file|/etc/sudoers.d/​AcmLanAdmins>
 %AcmLanAdmins ALL=(ALL) ALL %AcmLanAdmins ALL=(ALL) ALL
 </​file>​ </​file>​
  
-===== PAM =====+<​file|/​etc/​pam.d/​system-auth>​ 
 +auth      sufficient pam_ldap.so 
 +auth      required ​ pam_unix.so ​    ​try_first_pass nullok 
 +auth      optional ​ pam_permit.so 
 +auth      required ​ pam_env.so
  
-These files are in /etc/pam.d+account ​  ​sufficient pam_ldap.so 
 +account ​  ​required ​ pam_unix.so 
 +account ​  ​optional ​ pam_permit.so 
 +account ​  ​required ​ pam_time.so
  
-FIXME+password ​ sufficient pam_ldap.so 
 +password ​ required ​ pam_unix.so ​    ​try_first_pass nullok sha512 shadow 
 +password ​ optional ​ pam_permit.so
  
 +session ​  ​required ​ pam_limits.so
 +session ​  ​required ​ pam_unix.so
 +session ​  ​optional ​ pam_ldap.so
 +session ​  ​optional ​ pam_permit.so
 +</​file>​
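
Review bot: In the new `/etc/pam.d/system-auth` block, `account sufficient pam_ldap.so` is the first account line, so for any user pam_ldap accepts, the stack returns before `account required pam_time.so` is evaluated; in the same way `auth required pam_env.so` is never reached when `auth sufficient pam_ldap.so` succeeds. If those modules are meant to apply to directory users, move them above the `sufficient` lines. `nullok` on the pam_unix auth and password lines allows local accounts with an empty password and should be dropped unless there is a stated need. The Packages section installs pam-krb5, yet no `pam_krb5.so` line appears here, so say whether LDAP bind is the intended authentication path. Finally, the `===== PAM =====` heading was removed, which leaves this block directly under "To give admins sudo" with no introduction of its own; keep a heading for it.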
linux/arch_ad_backend.1416326500.txt.gz · Last modified: 2021/05/02 21:36 (external edit)