...
killall NetworkManager |
WORKS UNTIL HERE, CLIENTS BOOT
-----------------
Install and configure LDAP
...
emacs cn\=corba.ldif
#remove the {1} index (the exact number may differ) from the following lines
dn: cn=corba,cn=schema,cn=config ... cn: corba |
#also delete everything after the following lines
structuralObjectClass: olcSchemaConfig entryUUID: 52109a02-66ab-1030-8be2-bbf166230478 creatorsName: cn=config createTimestamp: 20110829165435Z entryCSN: 20110829165435.935248Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20110829165435Z
...
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\=corba.ldif
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
Logging
emacs logging.ldif
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: stats |
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif
emacs /etc/rsyslog.conf
service rsyslog restart
Replication
emacs provider_sync.ldif
emacs /etc/apparmor.d/local/usr.sbin.slapd
sudo -u openldap mkdir /var/lib/ldap/accesslog
sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog
sudo service apparmor reload
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif
service slapd restart
LDAP Authentication
apt-get install libnss-ldap
auth-client-config -t nss -p lac_ldap
pam-auth-update
apt-get install ldapscripts
emacs /etc/ldapscripts/ldapscripts.conf
sh -c "echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd"
chmod 400 /etc/ldapscripts/ldapscripts.passwd
ldapadduser geo users
...
apt-get install nfs-kernel-server
emacs /etc/exports
emacs /etc/security/group.conf
...
#add the following lines at the end of the file
# Disable rate limiting (default is 200 messages in 5 seconds; below we make the 5 become 0)
$SystemLogRateLimitInterval 0 |
service rsyslog restart
Replication
emacs provider_sync.ldif
# provider_sync.ldif: configures this slapd as a syncrepl provider with an
# accesslog database (loaded with `ldapadd -Q -Y EXTERNAL -H ldapi:///`).
# NOTE(review): LDIF entries must be separated by a blank line; none survived
# the paste below, so re-insert one before each `dn:` line — confirm before
# loading.
# Add indexes to the frontend db.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcDbIndex
olcDbIndex: entryUUID eq
# Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-
add: olcModuleLoad
olcModuleLoad: accesslog
# Accesslog database definitions
# (no changetype here: ldapadd treats an entry without one as an add)
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=bluelight,dc=av
# NOTE(review): the accesslog records the write operations themselves, so it
# can expose attribute values written to the primary db. No olcAccess is
# defined for this database, so whatever global/default access rules exist
# apply — confirm that only the replication consumer's identity can read
# cn=accesslog.
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
# Accesslog db syncprov.
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
# syncrepl Provider for primary db
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
# accesslog overlay definitions for primary db
dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
# NOTE(review): the purge directive this comment describes is missing from the
# file, so the accesslog would grow without bound; the directive is
# olcAccessLogPurge (age then interval, e.g. `olcAccessLogPurge: 07+00:00 01+00:00`
# for "older than 7 days, checked daily") — confirm and add it before loading.
emacs /etc/apparmor.d/local/usr.sbin.slapd
#add the following lines to the file
/var/lib/ldap/accesslog/ r,
/var/lib/ldap/accesslog/** rwk, |
sudo -u openldap mkdir /var/lib/ldap/accesslog
sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog
sudo service apparmor reload
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif
service slapd restart
LDAP Authentication
apt-get install libnss-ldap
auth-client-config -t nss -p lac_ldap
pam-auth-update
User and Group Management
apt-get install ldapscripts
emacs /etc/ldapscripts/ldapscripts.conf
SERVER=192.168.10.49
BINDDN='cn=admin,dc=bluelight,dc=av'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=bluelight,dc=av'
GSUFFIX='ou=Group'
USUFFIX='ou=People'
GIDSTART=2000
UIDSTART=2000
HOMESKEL="/etc/skel"
HOMEPERMS="700"
GTEMPLATE=""
UTEMPLATE=""
MTEMPLATE="" |
# Write the bind password that ldapscripts reads via BINDPWDFILE
# (presumably the password of BINDDN — verify against ldapscripts.conf).
# NOTE(review): the literal password ends up in the shell history and is
# briefly visible in the process list, and the file is created with the
# caller's default umask until the chmod below narrows it — consider
# `(umask 077; ...)` around the write, or creating the file with an editor.
sh -c "echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd"
chmod 400 /etc/ldapscripts/ldapscripts.passwd
# Create the first LDAP user (geo) in group users using the config above.
ldapadduser geo users
Install and configure NFS
apt-get install nfs-kernel-server
emacs /etc/exports
#add the following
/home 192.168.10.0/24(rw,async,no_subtree_check) |
emacs /etc/security/group.conf
#add the following at the end of the file
gdm;*;*;Al0000-2400;plugdev,fuse,scanner,video,audio,lpadmin,cdrom,dip |
emacs /etc/auth-client-config/profile.d/bl-ldap
# auth-client-config profile "bl-ldap": NSS lookups and PAM stack that try
# LDAP first and fall back to local (pam_unix) accounts.
# NOTE(review): in these profiles the extra lines of a multi-line value
# (e.g. the `account required pam_unix.so` line after pam_account=) must be
# indented as continuation lines; the indentation looks lost in this paste —
# confirm before applying with `auth-client-config -p bl-ldap -a`.
# NOTE(review): on the pam_password line, `md5` selects MD5 hashing for local
# passwords and `min=4 max=8` is the old lax Debian default length policy —
# pam_unix supports `sha512`; confirm and tighten.
[bl-ldap]
nss_group=group: files ldap
nss_passwd=passwd: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis
pam_account=account sufficient pam_ldap.so
account required pam_unix.so
pam_auth=auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
pam_password=password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
pam_session=session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so
session optional pam_foreground.so |
auth-client-config -S > /etc/auth-client-config/profile.d/original
auth-client-config -p bl-ldap -a
emacs /etc/pam.d/gdm
#add before "@include common-auth"
auth optional pam_group.so |
On the client:
Chroot into the client's system
...