
...

Code Block
# Stop the running NetworkManager daemon. NOTE(review): the reason is not shown
# on this page — presumably so it stops rewriting the interface/resolver
# configuration prepared earlier; confirm. killall only terminates the process,
# it does not disable the service.
killall NetworkManager

 WORKS UNTIL HERE, CLIENTS BOOT

-----------------

Install and configure LDAP

...

emacs cn\=corba.ldif

# remove the {1} index prefix (the number may differ) from the following lines

Code Block
dn: cn=corba,cn=schema,cn=config 
... 
cn: corba

# also delete everything from the following lines onward (the operational attributes at the end of the file)

Code Block
structuralObjectClass: olcSchemaConfig
entryUUID: 52109a02-66ab-1030-8be2-bbf166230478
creatorsName: cn=config 
createTimestamp: 20110829165435Z 
entryCSN: 20110829165435.935248Z#000000#000#000000 
modifiersName: cn=config 
modifyTimestamp: 20110829165435Z

...

 

# Load the corba schema into the live cn=config database over the local socket.
# -Y EXTERNAL on ldapi:/// authenticates with the calling user's Unix
# credentials (run as root); -Q suppresses the SASL banner.
ldapadd -H ldapi:/// -Y EXTERNAL -Q -f cn=corba.ldif

# Check that the schema is now present: list the DNs under cn=schema,cn=config.
ldapsearch -H ldapi:/// -Y EXTERNAL -Q -LLL -b cn=schema,cn=config dn

 

Logging

emacs logging.ldif

Code Block
# Raise slapd's log level to "stats" (connections, operations and results) on
# the running server; applied live with ldapmodify, no restart needed.
# NOTE(review): stats logging records every bind DN and search filter, so the
# syslog output itself becomes sensitive — keep it readable by root/adm only.
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: stats

# Apply the log-level change to the running slapd over the local socket
# (SASL EXTERNAL = the invoking root user's Unix credentials).
ldapmodify -H ldapi:/// -Y EXTERNAL -Q -f logging.ldif

# Edit rsyslog's configuration (the only addition shown on this page is the
# rate-limit setting further down), then restart so it is re-read.
emacs /etc/rsyslog.conf

service rsyslog restart

Replication

emacs provider_sync.ldif

emacs /etc/apparmor.d/local/usr.sbin.slapd

sudo -u openldap mkdir /var/lib/ldap/accesslog

sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog

sudo service apparmor reload

ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif

service slapd restart

LDAP Authentication

apt-get install libnss-ldap

auth-client-config -t nss -p lac_ldap

pam-auth-update

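apt-get install ldapscripts

emacs /etc/ldapscripts/ldapscripts.conf

# Store the cn=admin bind password for ldapscripts. Create the file with mode
# 0600 from the start (umask 077 in a subshell, so the caller's umask is left
# alone) instead of writing it world-readable under the default umask and only
# locking it down afterwards; printf replaces the non-portable "echo -n".
# 'secret' is a placeholder for the real password — and a password typed on
# the command line ends up in the shell history.
(umask 077; printf '%s' 'secret' > /etc/ldapscripts/ldapscripts.passwd)

# Tighten further to read-only for root (the scripts are run as root here).
chmod 400 /etc/ldapscripts/ldapscripts.passwd

# Create LDAP user "geo" in group "users" with the settings from ldapscripts.conf.
ldapadduser geo users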

...

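# "Apt-get" (capital A) is not a command; the package tool is apt-get.
apt-get install nfs-kernel-server

emacs /etc/exports

# pam_group(8) rules, consumed by the "auth optional pam_group.so" line that is
# added to /etc/pam.d/gdm later on this page.
emacs /etc/security/group.conf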

...

#add the following lines at the end of the file

Code Block
# Disable rsyslog's per-process rate limiting (default: 200 messages per
# 5-second interval). Setting the interval to 0 switches the limit off,
# presumably so slapd's "stats" log lines are not dropped.
# NOTE(review): with no limit, a busy or hostile LDAP client can make slapd
# fill /var/log quickly — make sure logrotate / disk quota covers it.
$SystemLogRateLimitInterval 0

service rsyslog restart


Replication

emacs provider_sync.ldif

Code Block
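# provider_sync.ldif — replication provider setup, loaded with ldapadd over
# ldapi:///. LDIF records must be separated by a blank line; ldapadd stops at
# the first record it cannot parse, so keep the blank lines below.

# Add indexes to the frontend db.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcDbIndex
olcDbIndex: entryUUID eq

# Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-
add: olcModuleLoad
olcModuleLoad: accesslog

# Accesslog database definitions
# NOTE(review): no olcAccess is set on this database, so it falls back to the
# global/frontend default. The accesslog records every write, including the
# modified attribute values, so verify it is not readable by ordinary or
# anonymous binds (e.g. ldapsearch -x -b cn=accesslog) and add a rule such as
# "olcAccess: to * by * none" plus an entry for the consumer's bind DN if it
# is. The rootdn bypasses ACLs, so a restrictive rule does not lock out
# cn=admin.
dn: olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=bluelight,dc=av
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart

# Accesslog db syncprov.
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

# syncrepl Provider for primary db
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE

# accesslog overlay definitions for primary db
dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
# (the comment above was present but the directive itself was missing, so the
# accesslog would have grown without bound)
olcAccessLogPurge: 07+00:00 01+00:00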

emacs /etc/apparmor.d/local/usr.sbin.slapd

#add the following lines to the file

Code Block
# Local AppArmor additions for usr.sbin.slapd: allow the confined slapd to read
# the accesslog directory and to read/write/lock the database files inside it;
# otherwise AppArmor denies access to the new {2}hdb database directory.
/var/lib/ldap/accesslog/ r,
/var/lib/ldap/accesslog/** rwk,

# Create the accesslog directory as the openldap user so slapd owns it, and
# seed it with the same BDB tuning file as the main database.
sudo -u openldap mkdir /var/lib/ldap/accesslog

sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog

# Reload AppArmor so the profile additions above are in force before slapd
# touches the new directory.
sudo service apparmor reload

# Load provider_sync.ldif into cn=config over the local socket (root's Unix
# credentials via SASL EXTERNAL). ldapadd aborts at the first failing record
# unless -c is given, so check its output before restarting.
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif

# Most cn=config changes take effect immediately; the restart makes sure the
# new database and overlays come up cleanly.
service slapd restart



LDAP Authentication

# Client-side name service / PAM hooks. NOTE(review): libnss-ldap's own
# configuration (server URI, bind DN, TLS) is set by the package prompts and is
# not shown on this page — make sure it uses TLS or ldapi, otherwise NSS
# lookups (including the shadow map enabled in the bl-ldap profile below)
# travel over the network in the clear.
apt-get install libnss-ldap

# Apply the packaged lac_ldap NSS profile. This is superseded further down by
# the custom bl-ldap profile (auth-client-config -p bl-ldap -a).
auth-client-config -t nss -p lac_ldap

pam-auth-update

 

User and Group Management

 

apt-get install ldapscripts

emacs /etc/ldapscripts/ldapscripts.conf

Code Block
# ldapscripts.conf is sourced (shell syntax) by the ldap* helper scripts.
# NOTE(review): SERVER is a bare host, i.e. plain ldap:// — the cn=admin bind
# below sends the password from BINDPWDFILE across the network in the clear
# unless the server enforces STARTTLS. If the scripts run on the LDAP server
# itself, prefer ldapi:///; otherwise use an ldaps:// URI if this ldapscripts
# version accepts one — confirm against ldapscripts.conf(5).
SERVER=192.168.10.49
# Full-rights admin DN; the password is read from BINDPWDFILE (mode 0400 below).
BINDDN='cn=admin,dc=bluelight,dc=av'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=bluelight,dc=av'
# Group and user containers, relative to SUFFIX.
GSUFFIX='ou=Group'
USUFFIX='ou=People'
# First gid/uid handed out to new LDAP groups/users.
GIDSTART=2000
UIDSTART=2000
# Skeleton and mode used when ldapscripts itself creates a home directory.
# Homes created at first login by pam_mkhomedir (bl-ldap profile) use that
# module's umask instead, so the two can differ unless it is set to 0077.
HOMESKEL="/etc/skel"
HOMEPERMS="700"
GTEMPLATE=""
UTEMPLATE=""
MTEMPLATE=""

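# Store the cn=admin bind password for ldapscripts. Create the file with mode
# 0600 from the start (umask 077 in a subshell, so the caller's umask is left
# alone) instead of writing it world-readable under the default umask and only
# locking it down afterwards; printf replaces the non-portable "echo -n".
# 'secret' is a placeholder for the real password — and a password typed on
# the command line ends up in the shell history.
(umask 077; printf '%s' 'secret' > /etc/ldapscripts/ldapscripts.passwd)

# Tighten further to read-only for root (the scripts are run as root here).
chmod 400 /etc/ldapscripts/ldapscripts.passwd

# Create LDAP user "geo" in group "users" with the settings from ldapscripts.conf.
ldapadduser geo users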


Install and configure NFS

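# "Apt-get" (capital A) is not a command; the package tool is apt-get.
apt-get install nfs-kernel-server

emacs /etc/exports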

#add the following

Code Block
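# Export home directories to the lab subnet.
#   rw               - clients may write
#   sync             - commit writes before replying; exports(5) warns that
#                      async can lose or corrupt data on an unclean server
#                      restart, a poor trade for home directories
#   root_squash      - map client root to the anonymous user (the default,
#                      made explicit)
#   no_subtree_check - /home is exported whole, so subtree checking adds nothing
# NOTE(review): with the default sec=sys the server trusts the uid/gid each
# client asserts, so any host in 192.168.10.0/24 can read any home directory by
# presenting that uid. Narrow the client list or use sec=krb5* if the subnet is
# not fully trusted.
/home 192.168.10.0/24(rw,sync,root_squash,no_subtree_check)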

emacs /etc/security/group.conf

#add the following at the end of the file

Code Block
# pam_group(8) rule: for service "gdm", any tty (*), any user (*), at all times
# (Al0000-2400), add the listed supplementary groups to the login session.
# NOTE(review): this grants every graphical login — LDAP or local, regardless
# of directory group membership — groups such as lpadmin (CUPS/printer
# administration), dip (pppd) and fuse; review whether that set is intended for
# all users. pam_group(8) also cautions that a session-granted group lets a
# user create setgid files/directories to keep the access afterwards.
gdm;*;*;Al0000-2400;plugdev,fuse,scanner,video,audio,lpadmin,cdrom,dip

emacs /etc/auth-client-config/profile.d/bl-ldap

Code Block
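# auth-client-config profile: NSS resolves from local files first, then LDAP;
# each PAM type tries pam_ldap first and falls back to local accounts.
[bl-ldap]
nss_group=group: files ldap
nss_passwd=passwd: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis
pam_account=account sufficient pam_ldap.so
 account required pam_unix.so
# Blank-password logins (nullok_secure) are not allowed for these networked
# accounts; re-add the option only if a site genuinely needs it.
pam_auth=auth sufficient pam_ldap.so
 auth required pam_unix.so use_first_pass
# Local password hashing: the original "nullok obscure min=4 max=8 md5" used a
# weak, long-deprecated hash and legacy min/max options that current pam_unix
# ignores (it understands minlen= instead); sha512 (or yescrypt where
# available) is used instead, and nullok is dropped so empty passwords cannot
# be kept.
pam_password=password sufficient pam_ldap.so
 password required pam_unix.so obscure sha512
# umask=0077 makes homes created at first login match HOMEPERMS="700" in
# ldapscripts.conf; pam_mkhomedir's default umask 0022 would make them
# world-readable.
pam_session=session required pam_unix.so
 session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
 session optional pam_ldap.so
 session optional pam_foreground.so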

# Snapshot the current NSS/PAM settings into a profile file named "original"
# before switching, so the change can be rolled back with auth-client-config
# (check the written file carries a [section] header the tool can address).
auth-client-config -S > /etc/auth-client-config/profile.d/original

# Apply the bl-ldap profile defined above to nsswitch.conf and the PAM stack.
auth-client-config -p bl-ldap -a

emacs /etc/pam.d/gdm

#add before "@include common-auth"

Code Block
# Let pam_group(8) add the supplementary groups from /etc/security/group.conf
# to GDM logins. "optional" means a missing or non-matching rule never blocks
# login; the page places the line ahead of @include common-auth.
auth optional pam_group.so

 

On the client:

Chroot into the client's system

...