...
We can list the existing profiles with and safe the current, untouched configuration and set our profile to the one we want
Code Block |
---|
auth-client-config -S > /etc/auth-client-config/profile.d/original-config auth-client-config -l auth-client-config -p lac_ldap -a |
This will update the files in /etc/pam.d/ and the nsswitch.conf
...
Code Block |
---|
# Copyright (C) 2005 Gana�l LAPLANCHE - Linagora # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. # Note for Debian users: # On Debian system ldapscripts will try to parse and use some system config. # Look on commented variables and description lines started with DEBIAN. # But you could override it's values here. # LDAP Configuration # DEBIAN: values from /etc/pam_ldap.conf are used. SERVER="ldap://localhost" BINDDN="cn=admin,dc=bluelight,dc=av" # The following file contains the raw password of the binddn # Create it with something like : echo -n 'secret' > $BINDPWDFILE # WARNING !!!! Be careful not to make this file world-readable # DEBIAN: /etc/pam_ldap.secret or /etc/ldap.secret are used. BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd" # For older versions of OpenLDAP, it is still possible to use # unsecure command-line passwords by defining the following option # AND commenting the previous one (BINDPWDFILE takes precedence) #BINDPWD="secret" # DEBIAN: values from /etc/pam_ldap.conf are used. SUFFIX="dc=bluelight,dc=av" # Global suffix GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX) USUFFIX="ou=Users" # Users ou (just under $SUFFIX) MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX) # Start with these IDs *if no entry found in LDAP* GIDSTART="10000" # Group ID UIDSTART="10000" # User ID #MIDSTART="20000" # Machine ID # User properties # DEBIAN: values from /etc/adduser.conf are used. #USHELL="/bin/sh" #UHOMES="/home/%u" # You may use %u for username here #CREATEHOMES="no" # Create home directories and set rights ? HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant. HOMEPERMS="700" # Default permissions for home directories # User passwords generation # Command-line used to generate a password for added users (you may use %u for username here) # WARNING !!!! This is evaluated, everything specified here will be run ! # Special value "<ask>" will ask for a password interactively #PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8" #PASSWORDGEN="head -c8 /dev/random | uuencode -m - | sed -n '2s|=*$||;2p' | sed -e 's|+||g' -e 's|/||g'" #PASSWORDGEN="pwgen" #PASSWORDGEN="echo changeme" #PASSWORDGEN="echo %u" #PASSWORDGEN="<ask>" #PASSWORDGEN="pwgen" # User passwords recording # you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS # (useful when performing a massive creation / net rpc vampire) # WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE ! # WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE ! #RECORDPASSWORDS="no" #PASSWORDFILE="/var/log/ldapscripts_passwd.log" # Where to log #LOGFILE="/var/log/ldapscripts.log" # Temporary folder #TMPDIR="/tmp" # Various binaries used within the scripts # Warning : they also use uuencode, date, grep, sed, cut, expr, which... # Please check they are installed before using these scripts # Note that many of them should come with your OS # OpenLDAP client commands #LDAPSEARCHBIN="/usr/bin/ldapsearch" #LDAPADDBIN="/usr/bin/ldapadd" #LDAPDELETEBIN="/usr/bin/ldapdelete" #LDAPMODIFYBIN="/usr/bin/ldapmodify" #LDAPMODRDNBIN="/usr/bin/ldapmodrdn" #LDAPPASSWDBIN="/usr/bin/ldappasswd" # Character set conversion : $ICONVCHAR <-> UTF-8 # Comment ICONVBIN to disable UTF-8 conversion #ICONVBIN="/usr/bin/iconv" #ICONVCHAR="ISO-8859-15" # Base64 decoding # Comment UUDECODEBIN to disable Base64 decoding #UUDECODEBIN="/usr/bin/uudecode" # Getent command to use - choose the ones used # on your system. Leave blank or comment for auto-guess. # GNU/Linux #GETENTPWCMD="getent passwd" #GETENTGRCMD="getent group" # FreeBSD #GETENTPWCMD="pw usershow" #GETENTGRCMD="pw groupshow" # Auto GETENTPWCMD="" GETENTGRCMD="" # You can specify custom LDIF templates here # Leave empty to use default templates # See *.template.sample for default templates #GTEMPLATE="/path/to/ldapaddgroup.template" #UTEMPLATE="/path/to/ldapadduser.template" #MTEMPLATE="/path/to/ldapaddmachine.template" GTEMPLATE="" UTEMPLATE="" MTEMPLATE="" |
Add a user
Code Block |
---|
ldapadduser testuser users |
Install and configure NFS
install the main packet
Code Block |
---|
aptitude install nfs-kernel-server |
and configure the shares by adding following to /etc/exports
Code Block |
---|
/home 192.168.10.0/24(rw,async,no_subtree_check) |
On the client:
Chroot in the client's system
...