[Fedora-directory-users] Debian client to FDS howto
Steven Jones
Steven.Jones at vuw.ac.nz
Thu Sep 13 20:45:01 UTC 2007
I have written the below, if it is helpful/correct by all means place it
on FDS wiki.
Debian client setup
Important notes
There would seem to be at least 2 places (if not three) containing
information for LDAP. In order to make Debian 4 work I have deleted 2
and symlinked. It is possible on patching Debian that these files may be
restored and LDAP authentication will no longer work.
There may well be an official method to setup Debian but I have not been
able to locate one via Google.
LDAP client setup (command line method)
Move to the ldap directory and back up the ldap.conf file.
cd /etc/ldap/ ; cp ldap.conf orig-ldap.conf
Add/edit /etc/ldap/ldap.conf:
===========
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
host xxxx.195.87.249
base dc=xxxx,dc=ac,dc=nz
ssl no
TLS_CACERTDIR /etc/openldap/cacerts
pam_password exop
#pam_password md5
HOST xxx.195.87.249
BASE dc=xxxx,dc=ac,dc=nz
===========
cd /etc/ and back up pam_ldap.conf
cp /etc/pam_ldap.conf /etc/orig-pam_ldap.conf
and delete this file and link it to /etc/ldap/ldap.conf
ln -s /etc/ldap/ldap.conf /etc/pam_ldap.conf
cd /usr/share/libpam-ldap/ ; mv ldap.conf orig-ldap.conf
ln -s /etc/ldap/ldap.conf /usr/share/libpam-ldap/ldap.conf
At this point the ldapsearch tool and pam should be querying the LDAP
server and this will show up in the access log.
ssh
We will start with using ssh via LDAP.
cd /etc/ssh and more sshd_config and make sure, "UsePAM yes" is present,
if not add it (should be there by default).
cd /etc/pam.d/ to set up the ssh file for pam. Add in these lines at the
beginning of the file,
#allow ldap
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
session sufficient pam_ldap.so
password sufficient pam_ldap.so
restart ssh with /etc/init.d/ssh restart
ssh logins should now work OK.
regards
Steven
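
Added example, not part of the original post: a shell check that the setup above is still in place, since the post notes that patching Debian may restore the replaced files. It verifies the two symlinks to /etc/ldap/ldap.conf, "UsePAM yes" in sshd_config and the pam_ldap.so lines in /etc/pam.d/ssh; the function name check_ldap_client and its optional root-prefix argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): verify that the LDAP client
# setup described above is still intact, e.g. after a package upgrade.
# check_ldap_client and its ROOT argument are illustrative names.

check_ldap_client() {
    root="${1:-}"            # optional prefix so a copy of the tree can be checked
    target="/etc/ldap/ldap.conf"
    fail=0

    # The two files the post replaces with symlinks to /etc/ldap/ldap.conf.
    for link in /etc/pam_ldap.conf /usr/share/libpam-ldap/ldap.conf; do
        if [ -L "$root$link" ] && [ "$(readlink "$root$link")" = "$target" ]; then
            echo "OK    $link -> $target"
        else
            echo "FAIL  $link is not a symlink to $target (restored by an upgrade?)"
            fail=1
        fi
    done

    # sshd must hand authentication to PAM.
    if grep -Eiq '^[[:space:]]*UsePAM[[:space:]]+yes' \
            "$root/etc/ssh/sshd_config" 2>/dev/null; then
        echo "OK    UsePAM yes"
    else
        echo "FAIL  'UsePAM yes' missing from /etc/ssh/sshd_config"
        fail=1
    fi

    # Each PAM stack used in the post must still reference pam_ldap.so.
    for kind in auth account session password; do
        if grep -Eq "^[[:space:]]*$kind[[:space:]]+sufficient[[:space:]]+pam_ldap\.so" \
                "$root/etc/pam.d/ssh" 2>/dev/null; then
            echo "OK    pam.d/ssh: $kind"
        else
            echo "FAIL  pam.d/ssh: no '$kind sufficient pam_ldap.so' line"
            fail=1
        fi
    done

    # Informational only: "ssl no" means the bind password is not encrypted in transit.
    if grep -Eiq '^[[:space:]]*ssl[[:space:]]+no' "$root$target" 2>/dev/null; then
        echo "NOTE  ldap.conf has 'ssl no': LDAP binds are sent in cleartext"
    fi
    return "$fail"
}
```

Call check_ldap_client with no argument on the client itself; a non-zero return status means at least one of the steps above has been undone.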