
Objectives

This screencast continues with the LDAP server we set up in the previous screencast, but this time we will configure another server (client.test.net) to authenticate its users against our LDAP server. This is a concept known as centralised user authentication, whereby we can store all our users and their credentials on one server. The screencast is basically a walkthrough of the changes that need to be made to PAM (Pluggable Authentication Modules), which Linux uses to determine how users should be authenticated when logging in.

I have to apologise for the screw-up at the end. I had changed my example user’s password and forgotten about it until I came to do the screencast; hopefully you’ll get the idea.

Note: If you haven’t come across PAM before, it is advisable to have a quick skim through this very good introduction before trying to configure PAM.

Resources

apt-get install libpam-ldap nscd

cd /etc/
emacs nsswitch.conf
change:
  passwd: ldap compat
  group:  ldap compat
  shadow: ldap compat

cd /etc/pam.d/
edit each of the following files...
* common-auth
  (edit)   auth [success=1 default=ignore] pam_unix.so nullok_secure
  (add)    auth required pam_ldap.so use_first_pass
  (add)    auth required pam_permit.so

* common-account
  (edit) account sufficient pam_unix.so
  (add)  account required   pam_ldap.so

* common-session
  (add) session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

* common-password
  (edit) password sufficient pam_unix.so nullok obscure md5
  (add)  password required   pam_ldap.so

invoke-rc.d nscd restart
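
Added example (not part of the screencast notes): a simplified Python model of how Linux-PAM walks the common-auth stack above, showing which module decides a login and why pam_permit.so follows the success=1 jump. The names parse, evaluate and COMMON_AUTH are chosen for this example, and module results are reduced to success or failure.

```python
import re

# Simplified model of Linux-PAM stack dispatch (added example). Assumption of
# this model: a [..] control that omits default= behaves as default=bad.
SHORTHAND = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok",   "default": "ignore"},
}
LINE = re.compile(r"^\s*\S+\s+(\[[^\]]*\]|\S+)\s+(\S+)")
# The auth stack from the notes above.
COMMON_AUTH = """auth [success=1 default=ignore] pam_unix.so nullok_secure
auth required pam_ldap.so use_first_pass
auth required pam_permit.so"""

def parse(text):
    """Return [(module, {return_value: action})] for each rule line."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])
        if m:
            control, module = m.groups()
            actions = (dict(kv.split("=", 1) for kv in control[1:-1].split())
                       if control.startswith("[") else SHORTHAND[control])
            entries.append((module, actions))
    return entries

def evaluate(entries, results):
    """results: module -> True (PAM_SUCCESS) / False. Returns the stack verdict."""
    impression, status, i = None, False, 0   # None = no module has voted yet
    while i < len(entries):
        module, actions = entries[i]
        ok = results[module]
        default = actions.get("default", "bad")
        action = actions.get("success", default) if ok else default
        if action.isdigit():                 # jump: skip N rules, cast no vote
            i += int(action)
        elif action in ("ok", "done"):
            if impression is None or (impression and status):
                impression, status = True, ok
            if impression and action == "done":
                break
        elif action in ("bad", "die"):
            impression, status = False, False
            if action == "die":
                break
        i += 1                               # "ignore" falls through to here
    return bool(impression and status)       # no vote at all is a failure
```

Calling evaluate(parse(COMMON_AUTH)[:2], {"pam_unix.so": True}) returns False: with pam_permit.so removed, a successful local login jumps past pam_ldap.so and reaches the end of the stack with no module having voted.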


2 Comments

  1. Thanks for the helpful videos, I do hope that you can make some others for tunneling in Ubuntu, and OpenVPN

    Regards
    Sanfoor

    • No problem, thanks for watching, I’m glad I could be of some help.

      I had planned to cover OpenVPN (or possibly OpenS/WAN which I’ve used for a company before) but not for some time unfortunately. I will be covering OpenLDAP + TLS before the end of the weekend, and then delving into integrating Kerberos for user authentication.

      Hopefully I find time to keep doing these videos as I enjoy learning about the software while I’m putting them together but I have been quite busy recently. Thanks again for the feedback.

