Mailinglist Archive: opensuse (3337 mails)

RE: [SLE] LDAP How to
  • From: "Drew Burchett" <DrewB@xxxxxxxxxxxxxxxxxx>
  • Date: Mon, 24 Apr 2006 07:35:12 -0500
  • Message-id: <1E75E79B854C814784D0E8C5BA55AF76C02AE3@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Oh, and one other thing I forgot to mention. This may not pertain to
your situation, but I could not get this to work at all until I
uninstalled the openldap that came with SuSE and recompiled a downloaded
version that excluded the Cyrus SASL libraries.

Drew Burchett
United Systems & Software
http://www.united-systems.com
Phone: (270)527-3293
Fax: (270)527-3132


> -----Original Message-----
> From: Drew Burchett
> Sent: Monday, April 24, 2006 6:57 AM
> To: Suse
> Subject: RE: [SLE] LDAP How to
>
> > >> Is there any good suse 10 and ldap how to's available? I have exhausted
> > >> my little ldap experience in trying to help get my friend going but no
> > >> luck.
>
> I don't know that all these steps are strictly necessary because I
> cobbled this together from a number of different howtos, but here's how
> I set my box up to authenticate against AD using LDAP.
>
> Edit /etc/ldap.conf as below:
>
> host my.ldap.host
> base DC=domain,DC=local
> ldap_version 3
> binddn cn=aduser,dc=domain,dc=local
> bindpw aduserpass
> scope sub
> nss_base_passwd ou=Users,dc=domain,dc=local?sub
> nss_base_shadow ou=Users,dc=domain,dc=local?sub
> nss_base_group ou=Users,dc=domain,dc=local?sub
> pam_password ad
> pam_login_attribute sAMAccountName
> pam_member_attribute msSFU30PosixMember
> nss_map_objectclass posixAccount user
> nss_map_objectclass shadowAccount user
> nss_map_objectclass posixGroup Group
> nss_map_attribute uid sAMAccountName
> nss_map_attribute uidNumber msSFU30UidNumber
> nss_map_attribute gidNumber msSFU30GidNumber
> nss_map_attribute loginShell msSFU30LoginShell
> nss_map_attribute gecos msSFU30Gecos
> nss_map_attribute userPassword msSFU30Password
> nss_map_attribute homeDirectory msSFU30HomeDirectory
> nss_map_attribute uniqueMember msSFU30PosixMember
> ssl no
>
> Edit /etc/samba/smb.conf
>
> [global]
> unix charset = LOCALE
> workgroup = OLK_LOCAL
> realm = DOMAIN.LOCAL
> server string = Monitor Server
> security = ADS
> username map = /etc/samba/smbusers
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50
> printcap name = cups
> ldap ssl = no
> template shell = /bin/bash
> printing = cups
> winbind use default domain = yes
> [homes]
> comment = Home Directories
> valid users = %S
> browseable = No
> read only = No
>
> Edit /etc/nsswitch.conf
>
> passwd: compat ldap
> shadow: files ldap
> group: compat ldap
>
> hosts: files dns wins
> networks: files dns
> services: files ldap
> protocols: files
> rpc: files
> ethers: files
> netmasks: files
> publickey: files
> bootparams: files
> automount: files
> aliases: files ldap
> passwd_compat: ldap
> group_compat: ldap
> netgroup: files ldap
>
> Edit /etc/pam.d/common-auth
>
> auth sufficient pam_ldap.so
> auth required pam_env.so
> auth required pam_unix2.so use_first_pass
>
> Edit /etc/pam.d/common-account
>
> account sufficient pam_ldap.so
> account required pam_unix2.so
>
> Edit /etc/krb5.conf
>
> [libdefaults]
> default_realm = DOMAIN.LOCAL
> clockskew = 300
>
> [realms]
> DOMAIN.LOCAL = {
> kdc = mydomainserver.domain.local
> default_domain = DOMAIN.LOCAL
> admin_server = mydomainserver.domain.local
> }
>
> [logging]
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmin.log
> default = FILE:/var/log/krb5lib.log
> [domain_realm]
> .DOMAIN.LOCAL = DOMAIN.LOCAL
> [appdefaults]
> pam = {
> ticket_lifetime = 1d
> renew_lifetime = 1d
> forwardable = true
> proxiable = false
> retain_after_close = false
> minimum_uid = 0
> try_first_pass = true
> }
>
>
> Restart your machine and make sure smbd, nmbd and winbindd are running.
> wbinfo -u should give you a list of ldap users. getent passwd should
> show ALL users, ldap and local, and getent group should show all groups,
> ldap and local. If you aren't using AD, you probably don't need the
> Kerberos setup.
>
> Drew Burchett
> United Systems & Software
> http://www.united-systems.com
> Phone: (270)527-3293
> Fax: (270)527-3132
>
>
>
> --
> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and privileged information. Any unauthorized review, use, disclosure or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner and is believed to be clean.
>
>
>
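
An added example, not part of the original message: a small Python check for the two security-relevant settings in the quoted /etc/ldap.conf, `ssl no` combined with a `bindpw` stored in the file. It assumes the nss_ldap/pam_ldap keyword syntax shown in the message; the finding names and the sample text are constructed, and `uri`, `ssl start_tls` and `tls_checkpeer` are options of that same file format which the message does not use.

```python
import os
import stat

# Constructed sample mirroring the quoted /etc/ldap.conf (placeholder values).
SAMPLE = """\
host my.ldap.host
base DC=domain,DC=local
binddn cn=aduser,dc=domain,dc=local
bindpw aduserpass
ssl no
"""

def parse_ldap_conf(text):
    """Return {keyword: [values]}; keywords are case-insensitive, '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(text, mode=None):
    """Return a list of findings; mode is the file's st_mode when known."""
    opts = parse_ldap_conf(text)
    findings = []
    ssl = (opts.get("ssl") or ["no"])[-1].lower()
    uris = " ".join(opts.get("uri", [])).lower().split()
    encrypted = ssl in ("on", "yes", "start_tls") or (
        bool(uris) and all(u.startswith("ldaps://") for u in uris))
    if not encrypted:
        # Simple binds (the proxy bind and each user's login) cross the wire unencrypted.
        findings.append("cleartext-transport")
        if "bindpw" in opts:
            findings.append("bind-password-sent-in-clear")
    if "bindpw" in opts and mode is not None and mode & stat.S_IROTH:
        # Any local user can read the bind account's password from the file.
        findings.append("bindpw-world-readable")
    if encrypted and (opts.get("tls_checkpeer") or [""])[-1].lower() == "no":
        findings.append("server-cert-check-disabled")
    return findings

def audit_file(path):
    """Audit a file on disk, including its permission bits."""
    with open(path) as fh:
        return audit(fh.read(), os.stat(path).st_mode)

if __name__ == "__main__":
    print(audit(SAMPLE, 0o100644))
```

Because the bind account's password sits in a file that local users can usually read, that account should have no rights in the directory beyond the lookups NSS needs.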


