Difference between revisions of "Debian LDAP Client Installation"
| Line 39: | Line 39: | ||
Now to configure LDAP-PAM integration: | Now to configure LDAP-PAM integration: | ||
| − | + | 1. Install the required packages: | |
| − | |||
| − | 1. | ||
{{Command|<nowiki>apt-get install ldap-utils libpam-ldap libnss-ldap nscd</nowiki>}} | {{Command|<nowiki>apt-get install ldap-utils libpam-ldap libnss-ldap nscd</nowiki>}} | ||
| − | 2. | + | 2. Edit the file /etc/libnss-ldap.conf like this: |
{{File|/etc/libnss-ldap.conf|<pre><nowiki> | {{File|/etc/libnss-ldap.conf|<pre><nowiki> | ||
... | ... | ||
| Line 62: | Line 60: | ||
... | ... | ||
</nowiki></pre>}} | </nowiki></pre>}} | ||
| − | 3. | + | 3. Set-up the file /etc/nsswitch.conf |
{{File|/etc/nsswitch.conf|<pre><nowiki> | {{File|/etc/nsswitch.conf|<pre><nowiki> | ||
... | ... | ||
| Line 70: | Line 68: | ||
... | ... | ||
</nowiki></pre>}} | </nowiki></pre>}} | ||
| − | 4. | + | 4. Add the following option to /etc/openldap/ldap.conf |
{{File|/etc/openldap/ldap.conf|<pre><nowiki> | {{File|/etc/openldap/ldap.conf|<pre><nowiki> | ||
... | ... | ||
| Line 76: | Line 74: | ||
... | ... | ||
</nowiki></pre>}} | </nowiki></pre>}} | ||
| − | 5. | + | 5. Replace the following line in /etc/pamd.d/common-password |
| − | + | {{File|/etc/pamd.d/common-password|<pre><nowiki> | |
| − | + | password required pam_unix.so nullok obscure md5 | |
| − | + | </nowiki></pre>}} | |
| − | + | for | |
| − | + | {{File|/etc/pamd.d/common-password|<pre><nowiki> | |
| − | + | password required pam_passwdqc.so min=disabled,16,12,8,6 max=256 | |
| − | + | password sufficient pam_unix.so use_authtok md5 | |
| − | + | password sufficient pam_ldap.so use_first_pass use_authtok md5 | |
| − | + | password required pam_deny.so | |
| − | + | </nowiki></pre>}} | |
6) Remplazar la siguiente línea en el archivo /etc/pamd.d/common-auth | 6) Remplazar la siguiente línea en el archivo /etc/pamd.d/common-auth | ||
Revision as of 15:52, 3 September 2014
Back to LDAP
This procedure shows how to create a ldap client installation from packages.
1. First install the required packages:
An interface is shown at the end of the installation of the packages; In that interface is were the configuration parameters must be entered.
2. Server setup
ldap://192.168.66.120
3. Entering the base
dc=uis,dc=edu,dc=co
4. Setting-up the protocol version
select 3
5. Setting-up pam-utilities to change passwords
Select Yes
6. Database access
Select No
7. Setting-up account with LDAP access priviledges Configurar la cuenta de acceso con privilegios a LDAP
cn=admin,dc=uis,dc=edu,dc=co
8. Entering the password for said account.
Now to configure LDAP-PAM integration:
1. Install the required packages:
2. Edit the file /etc/libnss-ldap.conf like this:
... base dc=local,dc=net uri ldaps://ldap.local.net ldap_version 3 binddn cn=nss,ou=Admin,dc=local,dc=net bindpw COLOQUE_AQUI_LA_CLAVE scope one pam_filter objectclass=posixAccount pam_login_attribute uid pam_password crypt nss_base_passwd ou=People,dc=local,dc=net?one nss_base_shadow ou=People,dc=local,dc=net?one nss_base_group ou=Group,dc=local,dc=net?one ssl on tls_checkpeer no ...
3. Set-up the file /etc/nsswitch.conf
... passwd: files ldap shadow: files ldap group: files ldap ...
4. Add the following option to /etc/openldap/ldap.conf
... TLS_REQCERT never ...
5. Replace the following line in /etc/pamd.d/common-password
password required pam_unix.so nullok obscure md5
for
password required pam_passwdqc.so min=disabled,16,12,8,6 max=256 password sufficient pam_unix.so use_authtok md5 password sufficient pam_ldap.so use_first_pass use_authtok md5 password required pam_deny.so
6) Remplazar la siguiente línea en el archivo /etc/pamd.d/common-auth
auth required pam_unix.so nullok_secure
Por
auth sufficient pam_unix.so auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so
7) Remplazar la siguiente línea en el archivo /etc/pamd.d/common-account
account required pam_unix.so
Por
account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so
8. Editar el archivo /etc/pam_ldap.conf y colocar el siguiente contenido
... # lines to be added base dc=platino,dc=gov,dc=ve uri ldaps://ldap.platino.gov.ve ldap_version 3 pam_password crypt
9. Arrancar el demonio nscd
10. Test the setup
