Linux Mint - Free and powerful

Friday, 12 September 2014

FedoraDirectoryServerClientHowto - Community Help Wiki





Introduction

This howto is based on my FedoraDirectoryServer howto and explains how to connect Ubuntu clients to Fedora-ds installed on another Ubuntu server. I will stick to the following example scenario; change the settings to suit your environment. This howto can be used with your own LDAP server as well.
My test setup is like this:
[Image: FosseduAutoHome.jpg]

Installing LDAP Client Packages

We need to install the necessary client packages and set them up. To install all packages:
  sudo apt-get install libpam-ldap libnss-ldap
During the installation it will ask a few questions. Don't worry about them; keep accepting the default settings, since we are going to modify them manually later.

Configuring nsswitch.conf file

The nsswitch.conf file sets the order in which Linux consults its account sources, and we need to set it up to use LDAP as well. To edit the file:
sudo vi /etc/nsswitch.conf
Then we need to replace compat with files ldap. Use the following command in vi command mode:
:%s/compat/files ldap/g
Your changes will now appear as follows in /etc/nsswitch.conf:
...
passwd:         files ldap
group:          files ldap
shadow:         files ldap
...
With the order files ldap, the system looks in the local files (such as /etc/passwd) first and then in LDAP.

Modifying /etc/pam_ldap.conf file

We now replace this file with our own version. To back up the original file:
cd /etc
sudo mv pam_ldap.conf pam_ldap.conf.orig
Then open a new file and paste the following contents into it. (On Karmic (9.10) the file to edit is /etc/ldap.conf.)
sudo vi /etc/pam_ldap.conf
Copy and paste the following code segment.
host    10.0.0.1

suffix          "dc=fossedu,dc=org"

uri ldap://10.0.0.1
pam_password exop

ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=People,dc=fossedu,dc=org
nss_base_shadow ou=People,dc=fossedu,dc=org
nss_base_group  ou=Groups,dc=fossedu,dc=org

scope one
Replace "dc=fossedu,dc=org" with the distinguished name of your own search base, for example dc=yourdomain,dc=com.

Configuring PAM

The PAM configuration is split across 4 files: common-account, common-auth, common-password and common-session. Let us back up the original files in case we need to recover our original setup. To back up the original files:
cd /etc/pam.d
for name in common-* ; do sudo mv "$name" "$name.orig" ; done

Setting common-account

sudo vi /etc/pam.d/common-account
Copy and paste the following code segment.
account sufficient      pam_ldap.so
account required        pam_unix.so

Setting common-auth

sudo vi /etc/pam.d/common-auth
Copy and paste the following code segment
auth    sufficient      pam_ldap.so
auth    required        pam_unix.so nullok_secure use_first_pass

Setting common-password

sudo vi /etc/pam.d/common-password
Copy and paste the following code segment.
password        sufficient      pam_ldap.so
password        required        pam_unix.so nullok obscure min=4 max=8 md5

Setting common-session

sudo vi /etc/pam.d/common-session
Copy and paste the following code segment.
session sufficient      pam_ldap.so
session required        pam_unix.so

Testing the Setup

Let's test our setup now. To test LDAP connectivity:
getent passwd fmaster
Your output should be something like this:
fmaster:x:1006:1006:Foss Master:/home/fsmaster:/bin/bash
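
Beyond getent, the files written in the steps above can be checked directly. The script below is an added example, not part of the original howto: it confirms the files-then-ldap order in nsswitch.conf and reports two properties of this configuration that matter for security, namely whether the LDAP connection is protected (with uri ldap:// and no ssl start_tls, bind passwords cross the network unencrypted) and which hash pam_unix uses for local passwords. The function names are hypothetical, and the sample files are constructed from the values in this howto.

```shell
#!/bin/sh
# Added example (not from the howto): audit copies of the client files written above.

# Print the source list of one nsswitch database, e.g. "files ldap".
nss_sources() {  # $1 = nsswitch.conf path, $2 = database
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*#.*//' | head -n 1
}

# Exit 0 only if "files" comes before "ldap". The subshell body keeps
# "set -f" local (it stops [NOTFOUND=return] from being globbed).
nss_order_ok() (
    set -f
    seen_files=0
    for src in $(nss_sources "$1" "$2"); do
        case "$src" in
            files) seen_files=1 ;;
            ldap)  [ "$seen_files" -eq 1 ] && exit 0; exit 1 ;;
        esac
    done
    exit 1  # ldap is not listed at all
)

# "tls" if the config uses ldaps:// or "ssl start_tls", otherwise "cleartext".
ldap_transport() {  # $1 = pam_ldap.conf path
    if grep -Eq '^[[:space:]]*(uri[[:space:]]+ldaps://|ssl[[:space:]]+start_tls)' "$1"
    then echo tls; else echo cleartext; fi
}

# Hash option on the pam_unix line of common-password (empty if none is set).
unix_hash() {  # $1 = common-password path
    grep -E '^[[:space:]]*password[[:space:]].*pam_unix\.so' "$1" |
        tr -s ' \t' '\n\n' | grep -Ex 'md5|bigcrypt|sha256|sha512|blowfish' | head -n 1
}

# Constructed sample: the values from this howto, written to a scratch directory.
write_sample() {  # $1 = directory
    printf 'passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n' > "$1/nsswitch.conf"
    printf 'uri ldap://10.0.0.1\npam_password exop\nldap_version 3\n' > "$1/pam_ldap.conf"
    printf 'password sufficient pam_ldap.so\n' > "$1/common-password"
    printf 'password required pam_unix.so nullok obscure min=4 max=8 md5\n' >> "$1/common-password"
}

dir=$(mktemp -d) && write_sample "$dir"
for db in passwd group shadow; do
    nss_order_ok "$dir/nsswitch.conf" "$db" && echo "nss $db: ok" || echo "nss $db: BAD ORDER"
done
echo "ldap transport: $(ldap_transport "$dir/pam_ldap.conf")"
echo "local password hash: $(unix_hash "$dir/common-password")"
rm -rf "$dir"
```

To audit a live client, pass the real paths (/etc/nsswitch.conf, /etc/pam_ldap.conf, /etc/pam.d/common-password) to the functions instead of the scratch copies.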

Automatically Mounting User's Home Directory

We need to mount users' home directories when they log in to a system, since we manage our users as roaming users. Install the following packages on all of your client systems to enable this.

Setup your server for NFS Exports

On the Ubuntu server on which you have installed Fedora-ds, we need to export users' home directories via NFS.
To install the NFS server:
sudo apt-get install nfs-kernel-server
To export the file system, setup /etc/exports.
sudo vi /etc/exports
Add the following code segment into the file.
/ahome          10.0.0.0/24(rw,sync,root_squash)
Export the file system
sudo exportfs -arv
Your output should look like:
 exporting 10.0.0.0/24:/ahome
To verify the NFS exports:
sudo exportfs -v
Output:
/ahome         10.0.0.0/24(rw,wdelay,root_squash)

Setting up clients for NFS and autofs

To install nfs clients and autofs
sudo apt-get install autofs nfs-common

Setting autofs

Create auto.ahome file.
sudo vi /etc/auto.ahome
Add the following code segment to this file.
*       -fstype=nfs,rw,hard,intr,rsize=2048,wsize=2048,nosuid,nfsvers=3 10.0.0.1:/ahome/&
Create a mount point for auto homes
sudo mkdir /ahome
Add the auto.ahome map to /etc/auto.master
sudo vi /etc/auto.master
Add the following code segment to the above file
/ahome       /etc/auto.ahome      --timeout=120
Restart autofs
sudo /etc/init.d/autofs restart
To test your setup, log in as fmaster.
If you can log in, Cheers !!!
Howto created by: ChinthakaDeshapriya.
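
The wildcard map entry and the export line from the NFS section can be inspected from the shell. This is an added example, not part of the original howto: it shows what the "&" in /etc/auto.ahome expands to for a given user, and lists hardening options that the client entry or the server export lacks (nosuid and nodev stop setuid binaries and device nodes on the share from being honoured; root_squash maps the client's root to an unprivileged user). The function names are hypothetical, and nodev is an option this check looks for, not one the howto sets.

```shell
#!/bin/sh
# Added example (not from the howto): inspect the autofs map entry and the NFS export.

# An autofs map line has the form "key  -options  location".
map_options()  { printf '%s\n' "$1" | awk '{ sub(/^-/, "", $2); print $2 }'; }
map_location() { printf '%s\n' "$1" | awk '{ print $3 }'; }

# An /etc/exports line has the form "path  client(options)".
export_options() { printf '%s\n' "$1" | sed -n 's/.*(\(.*\)).*/\1/p'; }

# Expand "&" with the lookup key, as autofs does for a "*" entry.
# Keys with characters outside a plain directory name are rejected.
mount_source() {  # $1 = map line, $2 = key (the user's directory name)
    case "$2" in ''|*[!A-Za-z0-9._-]*|.|..) return 1 ;; esac
    map_location "$1" | sed "s|&|$2|g"
}

# Print every wanted option that is absent from a comma-separated list.
missing_from() {  # $1 = option list, remaining args = wanted options
    opts=",$1,"; shift
    for want in "$@"; do
        case "$opts" in *",$want,"*) ;; *) echo "$want" ;; esac
    done
}

# Constructed input: the two lines exactly as this howto writes them.
ENTRY='*       -fstype=nfs,rw,hard,intr,rsize=2048,wsize=2048,nosuid,nfsvers=3 10.0.0.1:/ahome/&'
EXPORT='/ahome          10.0.0.0/24(rw,sync,root_squash)'

echo "fmaster mounts: $(mount_source "$ENTRY" fmaster)"
echo "client entry lacks: $(missing_from "$(map_options "$ENTRY")" nosuid nodev)"
echo "server export lacks: $(missing_from "$(export_options "$EXPORT")" root_squash)"
```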
