OpenLDAP24 client config on FreeBSD9.2 in ConvivialNet.
| #Transcript (not a runnable script): ports builds, config edits shown as "+" lines, and PAM/NSS wiring for LDAP logins. | |
| #openldap24-sasl-client | |
| root@nadeco:/usr/ports/net/openldap24-sasl-client # make config-recursive | |
| #openldap24-sasl-client | |
| #in the ports config dialog, presumably FETCH is enabled on top of the defaults — confirm | |
| +fetch | |
| root@nadeco:/usr/ports/net/openldap24-sasl-client # make install clean | |
| #nss_ldap | |
| root@nadeco:/usr/ports/net/nss_ldap # make config-recursive | |
| #all default | |
| root@nadeco:/usr/ports/net/nss_ldap # make install clean | |
| #pam_ldap | |
| root@nadeco:/usr/ports/security/pam_ldap # make config-recursive | |
| root@nadeco:/usr/ports/security/pam_ldap # make install clean | |
| #pam_mkhomedir: automatically create the home directory when a new user logs in for the first time | |
| root@nadeco:/usr/ports/security/pam_mkhomedir # make install clean | |
| root@nadeco:/usr/local/etc # touch ldap.conf | |
| root@nadeco:/usr/local/etc # vi ldap.conf | |
| #NOTE(review): "base" is dc=convivial,dc=jp but the nss_base_* lines below use dc=convivial,dc=ne,dc=jp — one of the two suffixes looks wrong; verify against the directory | |
| +base dc=convivial,dc=jp | |
| #NOTE(review): plain ldap:// with no "ssl start_tls" / "tls_cacertfile" here, so pam_ldap binds (user passwords) cross the network unencrypted and the server is not authenticated — confirm this is acceptable on this network, or enable STARTTLS/ldaps | |
| +uri ldap://192.168.100.254/ | |
| +ldap_version 3 | |
| +nss_base_passwd ou=People,dc=convivial,dc=ne,dc=jp?one | |
| +nss_base_shadow ou=People,dc=convivial,dc=ne,dc=jp?one | |
| +nss_base_group ou=Group,dc=convivial,dc=ne,dc=jp?one | |
| #bind_policy soft: give up instead of retrying when the LDAP server is unreachable, so lookups do not hang during boot or while the server is down | |
| +bind_policy soft | |
| +pam_login_attribute uid | |
| #One file serves nss_ldap, pam_ldap and the OpenLDAP client library; a change here affects NSS lookups, PAM authentication and the ldap tools at once | |
| root@nadeco:/usr/local/etc # ln -sf /usr/local/etc/ldap.conf /usr/local/etc/nss_ldap.conf | |
| root@nadeco:/usr/local/etc # ln -sf /usr/local/etc/ldap.conf /usr/local/etc/pam_ldap.conf | |
| root@nadeco:/usr/local/etc # ln -sf /usr/local/etc/ldap.conf /usr/local/etc/openldap/ldap.conf | |
| #NOTE(review): port-installed modules are linked into /usr/lib so the bare module names used in /etc/pam.d below resolve — confirm this is still needed, and re-check the links after upgrading the ports | |
| root@nadeco:/usr/local/etc # ln -s /usr/local/lib/pam_ldap.so /usr/lib/pam_ldap.so | |
| root@nadeco:/usr/local/etc # ln -s /usr/local/lib/nss_ldap.so /usr/lib/nss_ldap.so | |
| root@nadeco:/usr/local/etc # ln -s /usr/local/lib/pam_mkhomedir.so /usr/lib/pam_mkhomedir.so | |
| root@nadeco:/etc # vi /etc/nsswitch.conf | |
| #files before ldap: local accounts (including root) still resolve when the directory is unreachable | |
| +group: files ldap | |
| +#group_compat: nis | |
| +passwd: files ldap | |
| +#passwd_compat: nis | |
| root@nadeco:/etc/pam.d # vi sshd | |
| #Mind the ordering: insert both the auth and the account line directly above pam_unix.so. | |
| #Append the session line after the other session lines. | |
| #auth sufficient above pam_unix: an LDAP password that verifies ends the auth stack here; otherwise pam_unix.so is still tried | |
| +auth sufficient pam_ldap.so no_warn | |
| #ignore_authinfo_unavail: when the LDAP server cannot be reached the LDAP account check is ignored and control falls through to pam_unix.so, so local accounts can still log in while LDAP is down | |
| +account sufficient pam_ldap.so no_warn ignore_authinfo_unavail | |
| #required: a failure to create the home directory fails the whole session | |
| +session required pam_mkhomedir.so | |
| root@nadeco:/etc/pam.d # vi system | |
| #Mind the ordering: insert both the auth and the account line directly above pam_unix.so. | |
| #Append the session line after the other session lines. | |
| +auth sufficient pam_ldap.so no_warn | |
| +account sufficient pam_ldap.so no_warn ignore_authinfo_unavail | |
| +session required pam_mkhomedir.so | |
| root@nadeco:/etc/pam.d # vi su | |
| #Add operator to the existing auth line's group=wheel (LDAP users have gid=5000, i.e. operator). | |
| #NOTE(review): this widens who may su to root from wheel to every LDAP user in gid 5000 — confirm that group membership is intentionally the su policy | |
| +auth requisite pam_group.so no_warn group=wheel,operator root_only fail_safe ruser | |
| #bash (the LDAP accounts were migrated from Linux, so the existing users' login shell is bash) | |
| root@nadeco:/usr/ports/shells/bash # make config-recursive | |
| root@nadeco:/usr/ports/shells/bash # make install clean | |
| #NOTE(review): /bin/bash points into /usr/local; if /usr/local is a separate filesystem the shell is unavailable in single-user mode, and /bin/bash may also need its own /etc/shells entry — verify | |
| root@nadeco:/usr/ports/shells/bash # ln -s /usr/local/bin/bash /bin/bash | |
| root@nadeco:/usr/ports/shells/bash # rehash |