“UbuntuHelp:FedoraDirectoryServerClientHowto”的版本间的差异

2007年11月30日 (五) 17:12的版本

文章出处:

https://help.ubuntu.com/community/FedoraDirectoryServerClientHowto

点击翻译:

English

请不要直接编辑翻译本页，本页将定期与来源同步。

Introduction

This howto is based on my FedoraDirectoryServer howto and I am going to tell you here how you are going to connect Ubuntu clients with Fedora-ds installed in another Ubuntu server. I will stick to the the following example scenario. Change your setting appropriately. This howto can be used your own LDAP server as well. My test setup is like this: FedoraDirectoryServerClientHowto?action=AttachFile&do=get&target=FosseduAutoHome.jpg

Installing LDAP Client Packages

We need to install necessary client packages and setup them initially. To install all packages:

sudo apt-get install libpam-ldap libnss-ldap

During the installation it will ask few questions and don't worry about them but keep accepting the default settings since we are going to modify them manually later.

Configuring Configuring nsswitch.conf file

The nsswitch.conf file is responsible for switching the authentication order in Linux and we need to setup to accept LDAP authentication. To edit the file:

sudo vi /etc/nsswitch.conf

Then we need change compat with files ldap. Use the following command in vi command mode

%s/compat/files ldap/g

Now your changes will reflect as follows in /etc/nsswitch.conf

...
passwd:         files ldap
group:          files ldap
shadow:         files ldap
...

The order files ldap will look /etc/passwd file first and then look LDAP for authentication.

Modifying /etc/pam_ldap.conf file

We now replace above file with our version of this file. To backup the original file :

cd /etc
sudo mv pam_ldap.conf pam_ldap.conf.orig

The open a new file and copy and paste the following contents the new file.

sudo vi /etc/pam_ldap.conf

Copy and paste the following code segment.

host    10.0.0.1
suffix          "dc=fossedu,dc=org"
uri ldap://10.0.0.1
pam_password exop
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=People,dc=fossedu,dc=org
nss_base_shadow ou=People,dc=fossedu,dc=org
nss_base_group  ou=Groups,dc=fossedu,dc=org
scope one

Replace "dc=fossedu,dc=com" with your own distinguished name of the search base. For example dc=yourdoman,dc=com

Configuring PAM

The PAM configuration is split in 4 files: common-account, common-auth, common-password and common-session. Let us keep our original files back up in case we need a recovery again to our original setup. To backup original files:

cd /etc/pam.d
for name in `ls common-*` ; do sudo mv "$name" "$name".orig ; done
mv

Setting common-account

 
sudo vi /etc/pam.d/common-account

Copy and paste the following code segment.

account sufficient      pam_ldap.so
account required        pam_unix.so

Setting common-auth

 
sudo vi /etc/pam.d/common-auth

Copy and paste the following code segment

auth    sufficient      pam_ldap.so
auth    required        pam_unix.so nullok_secure use_first_pass

Setting common-password

 
sudo vi /etc/pam.d/common-password

Copy and paste the following code segment.

password        sufficient      pam_ldap.so
password        required        pam_unix.so nullok obscure min=4 max=8 md5

Setting common-session

 
sudo vi /etc/pam.d/common-session

Copy and paste the following code segment.

session sufficient      pam_ldap.so
session required        pam_unix.so

Testing the Setup

Let's test our setup now. To test LDAP connectivity:

getent passwd fmaster

Your output should be something like this:

fmaster:x:1006:1006:Foss Master:/home/fsmaster:/bin/bash

Automatically Mounting User's Home Directory

We need to mount user's home directory when they login to a system and we try to manage our users as roaming users. Install following packages in all of your client system to enable this.

Setup your server for NFS Exports

In the Ubuntu server to which your have install Fedora-ds we need to export users home directories via NFS To install NFS server

sudo apt-get install nfs-kernel-server

To export the file system, setup /etc/exports.

sudo vi /etc/exports

Add the following code segment into the file.

/ahome          10.0.0.0/24(rw,sync,root_squash)

Export the file system

sudo exportfs -arv

Your output should look like:

exporting 10.0.0.0/24:/ahome

To veryfiy nfs exports

sudo exportfs -v

Output:

/home          10.0.0.0/24(rw,wdelay,root_squash)

Setting up clients for NFS and autofs

To install nfs clients and autofs

sudo apt-get install autofs nfs-common

Setting autofs

Create auto.ahome file.

sudo vi /etc/auto.ahome

Add the following code segment to this file.

*       -fstype=nfs,rw,hard,intr,rsize=2048,wsize=2048,nosuid,nfsvers=3 10.0.0.1:/ahome/&

Create a mount point for auto homes

sudo mkdir /ahome

Add auto.home file to /etc/auto.master

sudo vi /etc/auto.master

Add the the following code segment to the above file

/ahome       /etc/auto.ahome      --timeout=120

Restart autofs

sudo /etc/init.d/autofs restart

To test your setup login as fmaster If you can login, Cheers !!! Howto created by: ChinthakaDeshapriya.

个人工具

“UbuntuHelp:FedoraDirectoryServerClientHowto”的版本间的差异 - Ubuntu中文

搜索

导航

编辑

工具

“UbuntuHelp:FedoraDirectoryServerClientHowto”的版本间的差异

来自Ubuntu中文

2007年11月30日 (五) 17:12的版本

目录

Introduction

Installing LDAP Client Packages

Configuring Configuring nsswitch.conf file

Modifying /etc/pam_ldap.conf file

Configuring PAM

Setting common-account

Setting common-auth

Setting common-password

Setting common-session

Testing the Setup

Automatically Mounting User's Home Directory

Setup your server for NFS Exports

Setting up clients for NFS and autofs

Setting autofs

@@ 第1行： / 第1行： @@
 {{From|https://help.ubuntu.com/community/FedoraDirectoryServerClientHowto}}
 {{Languages|UbuntuHelp:FedoraDirectoryServerClientHowto}}
 == Introduction ==
 This howto is based on my FedoraDirectoryServer howto and I am going to tell you here how you are going to connect Ubuntu clients with Fedora-ds installed in another Ubuntu  server. I will stick to the the following example scenario. Change your setting appropriately. This howto can be used your own LDAP server as well.
 My test setup is like this:
 https://help.ubuntu.com/community/FedoraDirectoryServerClientHowto?action=AttachFile&do=get&target=FosseduAutoHome.jpg
 == Installing LDAP Client Packages ==
 We need to install necessary client packages and setup them initially. To install all  packages:
 <pre><nowiki>
 sudo apt-get install libpam-ldap libnss-ldap
 </nowiki></pre>
 During the installation it will ask few questions and don't worry about them but keep accepting the default settings since we are going to modify them manually later.
 == Configuring Configuring nsswitch.conf file ==
 The nsswitch.conf file is responsible for switching the authentication order in Linux and we need to setup to accept LDAP authentication. To edit the file:
 <pre><nowiki>
 sudo vi /etc/nsswitch.conf
 </nowiki></pre>
 Then we need change <code><nowiki>compat</nowiki></code> with <code><nowiki>files ldap</nowiki></code>. Use the following command in vi command mode
 <pre><nowiki>
 %s/compat/files ldap/g
 </nowiki></pre>
 Now your changes will reflect as follows in /etc/nsswitch.conf
 <pre><nowiki>
@@ 第42行： / 第28行： @@
 ...
 </nowiki></pre>
 The order <code><nowiki>files ldap</nowiki></code> will look <code><nowiki>/etc/passwd</nowiki></code>  file first and then look LDAP for authentication.
 == Modifying /etc/pam_ldap.conf file ==
 We now replace above file with our version of this file. To backup the original file   :
 <pre><nowiki>
 cd /etc
 sudo mv pam_ldap.conf pam_ldap.conf.orig
 </nowiki></pre>
 The open a new file and copy and paste the following contents the new file.
 <pre><nowiki>
 sudo vi /etc/pam_ldap.conf
 </nowiki></pre>
 Copy and paste the following code segment.
 <pre><nowiki>
 host    10.0.0.1
 suffix          "dc=fossedu,dc=org"
 uri ldap://10.0.0.1
 pam_password exop
 ldap_version 3
 pam_filter objectclass=posixAccount
@@ 第76行： / 第52行： @@
 nss_base_shadow ou=People,dc=fossedu,dc=org
 nss_base_group  ou=Groups,dc=fossedu,dc=org
 scope one
 </nowiki></pre>
 Replace <code><nowiki>"dc=fossedu,dc=com"</nowiki></code> with your own distinguished name of the search base. For example <code><nowiki>dc=yourdoman,dc=com</nowiki></code>
 == Configuring PAM ==
 The PAM configuration is split in 4 files: common-account, common-auth, common-password and common-session. Let us keep our original files back up in case we need a recovery again to our original setup. To backup original files:
 <pre><nowiki>
 cd /etc/pam.d
@@ 第91行： / 第62行： @@
 mv
 </nowiki></pre>
 === Setting common-account ===
 <pre><nowiki>
 sudo vi /etc/pam.d/common-account
 </nowiki></pre>
 Copy and paste the following code segment.
 <pre><nowiki>
 account sufficient      pam_ldap.so
 account required        pam_unix.so
 </nowiki></pre>
 === Setting common-auth ===
 <pre><nowiki>
 sudo vi /etc/pam.d/common-auth
 </nowiki></pre>
 Copy and paste the following code segment
 <pre><nowiki>
 auth    sufficient      pam_ldap.so
 auth    required        pam_unix.so nullok_secure use_first_pass
 </nowiki></pre>
 === Setting common-password ===
 <pre><nowiki>
 sudo vi /etc/pam.d/common-password
 </nowiki></pre>
 Copy and paste the following code segment.
 <pre><nowiki>
 password        sufficient      pam_ldap.so
 password        required        pam_unix.so nullok obscure min=4 max=8 md5
 </nowiki></pre>
 === Setting common-session ===
 <pre><nowiki>
 sudo vi /etc/pam.d/common-session
 </nowiki></pre>
 Copy and paste the following code segment.
 <pre><nowiki>
 session sufficient      pam_ldap.so
 session required        pam_unix.so
 </nowiki></pre>
 === Testing the Setup ===
 Let's test our setup now. To test LDAP connectivity:
 <pre><nowiki>
 getent passwd fmaster
 </nowiki></pre>
 Your output should be something like this:
 <pre><nowiki>
 fmaster:x:1006:1006:Foss Master:/home/fsmaster:/bin/bash
 </nowiki></pre>
 == Automatically Mounting User's Home Directory ==
 We need to mount user's home directory when they login to a system and we try to  manage our users as roaming users. Install following packages in all of your client system to enable this.
 === Setup your server for NFS Exports ===
 In the Ubuntu server to which your have install Fedora-ds we need to export users home directories via NFS
 '''To install NFS server'''
 <pre><nowiki>
 sudo apt-get install nfs-kernel-server
 </nowiki></pre>
 To export the file system, setup <code><nowiki>/etc/exports</nowiki></code>.
 <pre><nowiki>
 sudo vi /etc/exports
 </nowiki></pre>
 Add the following code segment into the file.
 <pre><nowiki>
 /ahome          10.0.0.0/24(rw,sync,root_squash)
 </nowiki></pre>
 '''Export the file system'''
 <pre><nowiki>
 sudo exportfs -arv
 </nowiki></pre>
 Your output should look like:
 <pre><nowiki>
 exporting 10.0.0.0/24:/ahome
 </nowiki></pre>
 '''To veryfiy nfs exports'''
 <pre><nowiki>
 sudo exportfs -v
 </nowiki></pre>
 Output:
 <pre><nowiki>
 /home          10.0.0.0/24(rw,wdelay,root_squash)
 </nowiki></pre>
 === Setting up clients for NFS and autofs ===
 '''To install nfs clients and autofs'''
 <pre><nowiki>
 sudo apt-get install autofs nfs-common
 </nowiki></pre>
 === Setting autofs ===
 '''Create auto.ahome file.'''
 <pre><nowiki>
 sudo vi /etc/auto.ahome
 </nowiki></pre>
 Add the following code segment to this file.
 <pre><nowiki>
 *       -fstype=nfs,rw,hard,intr,rsize=2048,wsize=2048,nosuid,nfsvers=3 10.0.0.1:/ahome/&
 </nowiki></pre>
 '''Create a mount point for auto homes'''
 <pre><nowiki>
 sudo mkdir /ahome
 </nowiki></pre>
 '''Add auto.home file to /etc/auto.master'''
 <pre><nowiki>
 sudo vi /etc/auto.master
 </nowiki></pre>
 Add the the following code segment to the above file
 <pre><nowiki>
 /ahome       /etc/auto.ahome      --timeout=120
 </nowiki></pre>
 '''Restart autofs'''
 <pre><nowiki>
 sudo /etc/init.d/autofs restart
 </nowiki></pre>
 To test your setup login as <code><nowiki>fmaster</nowiki></code>
 If you  can login, Cheers !!!
 Howto created by: ChinthakaDeshapriya.
 ----

	隐私政策关于Ubuntu中文免责声明
	Mozilla Cavendish Theme based on Cavendish style by Gabriel Wicke modified by DaSch for the Web Community Wiki github Projectpage – Report Bug – Skin-Version: 2.3.4