
...

Install and configure LTSP

On the server:

If not already done, configure `sources.list` to use the server's package cache:

...

Code Block
LOCAL_APPS_EXTRAMOUNTS=/srv

 

-------------------------

Install and configure DHCP

apt-get install dhcp3-server

cp /etc/ltsp/dhcpd.conf /etc/ltsp/dhcpd-backup.conf

sudo emacs /etc/ltsp/dhcpd.conf

sudo emacs /etc/network/interfaces

sudo /etc/init.d/networking start

 

Install and configure LDAP

apt-get install slapd ldap-utils ldapscripts

emacs frontend.bluelight.av.ldif

Code Block
dn: ou=Users,dc=bluelight,dc=av
objectClass: organizationalUnit
ou: Users
dn: ou=Groups,dc=bluelight,dc=av
objectClass: organizationalUnit
ou: Groups
 

ldapadd -x -D cn=admin,dc=bluelight,dc=av -W -f frontend.bluelight.av.ldif

 

Inspect `/etc/ldap/slapd.d/cn\=config/olcDatabase\=\{1\}hdb.ldif` (shown below). Avoid hand-editing the files under slapd.d while slapd is running; apply changes with `ldapmodify -Y EXTERNAL -H ldapi:///` against `cn=config`, which is what the `{0}config` ACL grants to local root.

Code Block
# (emacs menu bar captured in the original paste removed)
# Review note: ACL {2} below, "to * by self write", lets an authenticated user
# modify every attribute of their own entry that ACL {0} does not cover
# (uidNumber, gidNumber, loginShell, homeDirectory, ...), while the clients
# trust this directory for passwd/group/shadow. Grant self write only where it
# is needed (ACL {0} already covers userPassword) and keep the catch-all read-only.
# olcRootPW:: is the base64 form of an {SSHA} hash; generate your own with
# slappasswd rather than reusing the value shown here.
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=bluelight,dc=av
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=bluelight,dc=av" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=bluelight,dc=av" write by
 * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=bluelight,dc=av
olcRootPW:: e1NTSEF9ZHVjOVVVLytLcnpqMEtaRDhtWHkwMWxMcmFrUVkrN2I=
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
structuralObjectClass: olcHdbConfig
entryUUID: 8cf0846c-d6d0-1030-8040-b16ccc9dfedc
creatorsName: cn=config
createTimestamp: 20120119100316Z
entryCSN: 20120119100316.322583Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120119100316Z
 

Likewise `/etc/ldap/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif` (shown for reference; its ACL gives `manage` rights on cn=config only to local root connecting over ldapi:/// with SASL EXTERNAL, i.e. `ldapmodify -Y EXTERNAL -H ldapi:///`):

Code Block
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 8ce93b12-d6d0-1030-8038-b16ccc9dfedc
creatorsName: cn=config
createTimestamp: 20120119100316Z
entryCSN: 20120119100316.274833Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120119100316Z

 

 

apt-get install ldap-auth-client auth-client-config

emacs /etc/ldapscripts/ldapscripts.conf

Code Block
title/etc/ldapscripts/ldapscripts.conf
# Settings for ldapscripts (shell syntax, so keep the quoting).
# Plain ldap:// to the local slapd; the connection stays on this host.
SERVER="ldap://localhost"
# Bind as the directory root DN (the olcRootDN of the {1}hdb database), i.e.
# with unrestricted write access to the whole tree.
BINDDN="cn=admin,dc=bluelight,dc=av"
# Clear-text password for BINDDN; keep this file root-owned and mode 0600.
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX="dc=bluelight,dc=av" # Global suffix
GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX)
USUFFIX="ou=Users" # Users ou (just under $SUFFIX)
# First IDs handed out to new LDAP groups/users. They must not collide with
# IDs already present in /etc/passwd and /etc/group on the clients: their NSS
# is configured "files ldap", so a local entry with the same ID wins.
GIDSTART="2000" # Group ID
UIDSTART="2000" # User ID
HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistent.
HOMEPERMS="700" # Default permissions for home directories (runtime.debian defaults to 0755)
# Left empty here.
GETENTPWCMD=""
GETENTGRCMD=""
GTEMPLATE=""
UTEMPLATE=""
MTEMPLATE=""
 

Put the cn=admin bind password into `/etc/ldapscripts/ldapscripts.passwd` (the page shows the placeholder `secret`; use the real slapd admin password, and keep the file root-owned with mode 0600 so other local users cannot read it):

Code Block
secret

For reference, `/usr/share/ldapscripts/runtime.debian` (it derives ldapscripts defaults from `/etc/ldap.conf` and `/etc/adduser.conf`):

Code Block
### This file predefine some ldapscripts variables for Debian boxes.
#
# Copyright (c) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (c) 2005-2007 Pierre Habouzit
# Copyright (c) 2009 Alexander GQ Gerasiov
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
##### Beginning of ldapscripts configuration #####
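getfield() {
 # Look up a "field value [# comment]" entry in an nss_ldap/pam_ldap style
 # config file and print its value, or the default when the file or the field
 # is missing. Every matching line is printed, one per line.
 #   $1  field name
 #   $2  default value
 #   $3  (optional) config file; defaults to /etc/ldap.conf as before
 local field="$1"
 local default="$2"
 local conffile="${3:-/etc/ldap.conf}"
 local value=""
 if [ -f "$conffile" ]; then
  # The field name is handed to awk via -v instead of being spliced into the
  # program text, so it can no longer alter the awk code. It is still used as
  # a regex, which is fine for the plain identifiers this file looks up.
  value="$(awk -v f="$field" '
   $0 ~ ("^[ \t]*" f) {
    sub(("^[ \t]*" f "[ \t]*"), "")
    sub(/[ \t]*(#.*)?$/, "")
    print
   }' "$conffile")"
 fi
 # Quoted so that a value such as "*" is not glob-expanded against the cwd.
 printf '%s\n' "${value:-$default}"
}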
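getsuffix() {
 # Print the first RDN of FIELD's value (the text before the first comma),
 # or the default when the field is absent or empty.
 #   $1  field name (looked up with getfield)
 #   $2  default value
 local field="$1"
 local default="$2"
 local value
 # Locals, so sourcing this file no longer leaves "field"/"value" behind as
 # globals in the caller's environment.
 value="$(getfield "$field" | sed -e 's/,.*$//')"
 printf '%s\n' "${value:-$default}"
}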
# LDAP Configuration
# Connection details come from /etc/ldap.conf (see getfield): "uri" wins over
# "host", and only the first URI listed is kept.
SERVER=$(getfield uri "$(getfield host '')" | awk '{ print $1 }')
BINDDN=$(getfield rootbinddn '')
# Password file for BINDDN: whichever exists is used, libnss-ldap's first.
# It holds the bind password in clear text, so it must stay root-only.
if [ -f /etc/libnss-ldap.secret ]; then
 BINDPWDFILE=/etc/libnss-ldap.secret
elif [ -f /etc/ldap.secret ]; then
 BINDPWDFILE=/etc/ldap.secret
fi
# Directory layout: the global suffix plus the first RDN of each nss_base_* entry.
SUFFIX=$(getfield base)
GSUFFIX=$(getsuffix nss_base_group 'ou=Group')
USUFFIX=$(getsuffix nss_base_passwd 'ou=People')
MSUFFIX=$(getsuffix nss_base_hosts 'ou=Hosts')
# User properties
# Mirror the adduser defaults when /etc/adduser.conf is present (it is sourced
# as shell code, so it must be root-owned like any other file in /etc).
if [ -f /etc/adduser.conf ]; then
 . /etc/adduser.conf
fi
USHELL="${DSHELL:-/bin/bash}"
UHOMES="${DHOME:-/home}/%u"
HOMESKEL="${SKEL:-/etc/skel}"
HOMEPERMS="${DIR_MODE:-0755}"
TMPDIR='/tmp'
pamfile='/etc/ldap/ldap.conf'
##### End of configuration #####
 

 

Create a test account to verify the setup; remove it once client login has been confirmed:

ldapadduser testuser users

On the client:

Chroot into the client's root filesystem (the LTSP client chroot on the server) and perform the following steps there.

 

 

 

Install and configure LDAP

The following is known to work for clients running 8.04 and 8.10.
Install the required packages:

Code Block
aptitude install auth-client-config ldap-auth-client

Provide the URI of the LDAP server: ldap://192.168.10.1 — note that a plain `ldap://` URI with no TLS (none is configured anywhere on this page) sends every bind password, including the admin password entered below, across the thin-client network in clear text; give slapd a certificate and use `ldaps://` or `ssl start_tls` in /etc/ldap.conf before relying on this.
provide the distinguished name: dc=bluelight,dc=av
LDAP version 3
Make local root database: yes
Does the LDAP database require login? no
LDAP account for root: cn=admin,dc=bluelight,dc=av — this stores the directory admin password on the client (presumably in /etc/ldap.secret, which runtime.debian also looks for), so root on any thin client, or anyone able to read the client chroot image, gains full write access to the directory. A dedicated, least-privilege bind DN is a safer choice than cn=admin.

Save the following as /etc/auth-client-config/profile.d/bl-ldap. Note that `nullok` / `nullok_secure` on the pam_unix lines accept empty local passwords; drop them unless a passwordless local account is intended.

Code Block
title/etc/auth-client-config/profile.d/bl-ldap
[bl-ldap]
nss_group=group: files ldap
nss_passwd=passwd: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis
pam_account=account    sufficient   pam_ldap.so
        account    required     pam_unix.so
pam_auth=auth       sufficient   pam_ldap.so
        auth       required     pam_unix.so nullok_secure use_first_pass
pam_password=password   sufficient   pam_ldap.so
        password   required     pam_unix.so nullok obscure min=4 max=8 md5
pam_session=session    required     pam_unix.so
        session    required     pam_mkhomedir.so skel=/etc/skel/
        session    optional     pam_ldap.so
        session    optional     pam_foreground.so

Save the current settings and tell PAM to use LDAP:

Code Block
auth-client-config -S > /etc/auth-client-config/profile.d/original
auth-client-config -p bl-ldap -a

Add the following to /etc/security/group.conf (pam_group will then put every gdm login, at any hour, into the listed groups; review the list before copying it, since groups such as `lpadmin` and `fuse` carry privileges beyond a plain desktop session):

Code Block
gdm;*;*;Al0000-2400;plugdev,fuse,scanner,video,audio,lpadmin,cdrom,dip

Add the following line to /etc/pam.d/gdm, directly before `@include common-auth`:

Code Block
auth	optional	pam_group.so

Make sure the LDAP settings in /etc/ldap.conf are correct. Before deploying, weigh two of them: `uri ldap://` with no `ssl start_tls` line sends bind passwords in clear text, and `pam_password md5` makes the client hash new passwords with MD5 itself instead of letting slapd apply its configured hash (`pam_password exop` delegates hashing to the server).

Code Block
base dc=bluelight,dc=av
uri ldap://192.168.10.1
ldap_version 3
rootbinddn cn=admin,dc=bluelight,dc=av
pam_password md5
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,daemon,dhcpd,games,gdm,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,nbd,news,polkituser,proxy,pulse,root,saned,sshd,statd,sync,sys,syslog,uucp,www-data

A small reminder: this grep command strips comments and blank lines from the file:

Code Block
grep -v -e ^$ -e ^# /etc/ldap.conf 

Make the client ready for NFS

Install the needed packages:

Code Block
aptitude install nfs-client

Add the fstab entry that mounts the home directories. Consider `defaults,nosuid,nodev` instead of bare `defaults`, so setuid binaries or device nodes dropped into a home directory are not honoured on the client; remember also that NFS's default `sec=sys` trusts the numeric uid the client presents, so the uid a user is assigned in the directory is all that separates one user's home from another's.

Code Block
title/etc/fstab
nfsserver.bluelight.av:/home	/home	nfs	defaults	0	0