dbs

Forum Replies Created

Viewing 6 posts - 1 through 6 (of 6 total)
  • in reply to: LDAP Client configuration for authentication? #47327
    dbs
    Member

    @fulvio wrote:

    You should better configure the file /etc/nsswitch.conf by using the line
    passwd: files ldap

    I’m just getting online now – note the beginning of this thread, I’m using ‘compat ldap’ – is there a difference?

    in reply to: LDAP Client configuration for authentication? #47325
    dbs
    Member

    @fulvio wrote:

    For Linux clients you need to configure pam_krb5.so in the PAM configuration files. In any case, several Linux distributions have their tools for automatic authorisation and authentication configuration.

    Okay, I’ll work on this for Ubuntu, and let y’all know.

    @fulvio wrote:

    To check if the LDAP is correctly configured to provide user information, use the command:

    getent passwd

    This just shows my local accounts, no LDAP accounts. (À la, getent passwd shows a list of accounts; getent passwd | grep (a known LDAP user) shows nothing.)
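
The two manual checks from the posts above (which sources `passwd` uses in /etc/nsswitch.conf, and whether `getent passwd` returns anything beyond the local accounts), as an added shell example that is not part of the thread. The function names are hypothetical, and the file contents and the account name `bob` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). All sample file contents are constructed.

# Print the sources configured for one NSS database, one per line,
# ignoring comments and [STATUS=action] items.
nss_sources() {  # usage: nss_sources DATABASE NSSWITCH_FILE
    awk -v db="$1:" '
        { sub(/#.*/, "") }
        $1 == db {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1
                if (!skip) print $i
                if ($i ~ /\]$/) skip = 0
            }
        }' "$2"
}

# Succeed if SOURCE is listed for DATABASE.
nss_has_source() {  # usage: nss_has_source DATABASE SOURCE NSSWITCH_FILE
    nss_sources "$1" "$3" | grep -qx "$2"
}

# Print account names that appear in a saved `getent passwd` listing but not
# in the local passwd file, i.e. accounts that came from a non-file source.
remote_accounts() {  # usage: remote_accounts GETENT_LISTING LOCAL_PASSWD
    awk -F: 'NR == FNR { known[$1] = 1; next }
             !($1 in known) { print $1 }' "$2" "$1"
}

# Constructed demo data: an nsswitch.conf using "compat ldap", a local passwd
# file, and a getent listing that contains one directory account ("bob").
demo=$(mktemp -d)
printf 'passwd: compat ldap   # constructed\ngroup: files\n' > "$demo/nsswitch.conf"
printf 'root:x:0:0:root:/root:/bin/sh\ndbs:x:1000:1000::/home/dbs:/bin/sh\n' > "$demo/passwd"
{ cat "$demo/passwd"; printf 'bob:x:5001:5001::/home/bob:/bin/sh\n'; } > "$demo/getent.out"

if nss_has_source passwd ldap "$demo/nsswitch.conf"; then
    echo "passwd sources: $(nss_sources passwd "$demo/nsswitch.conf" | tr '\n' ' ')"
else
    echo "ldap is not listed for passwd; getent will show local accounts only"
fi
echo "accounts from non-local sources: $(remote_accounts "$demo/getent.out" "$demo/passwd")"
rm -rf "$demo"
```

On a real client, point the functions at /etc/nsswitch.conf, /etc/passwd and a file saved from `getent passwd`; an empty result from `remote_accounts` matches the symptom described in the post.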

    in reply to: LDAP Client configuration for authentication? #47323
    dbs
    Member

    @yum wrote:

    I’d suggest using the Fedora distribution. There is a utility called “authconfig-tui”, which works perfectly. You just have to specify “LDAP” for authorization, “Kerberos” for authentication, provide Zeroshell’s IP address for both services, and input the LDAP base DN and the Kerberos realm based on the domain name. No need to edit configuration files by hand.

    While I appreciate the information, and I found similar info out on the net, replacing my distribution is not an option just to get this working. I’ll continue working on finding the answers elsewhere.

    My goal is to have the Zeroshell box essentially function as an ActiveDirectory server – providing a single authentication / authorization service to a range of client machines (windows, linux, mac, etc). On those boxes, I’ll need to set up services for shell access, http authorization, and SAMBA services.

    Any pointers to guides for these services would be helpful, but “replace your OS with this version” is not really an option, thanks.

    in reply to: LDAP Client configuration for authentication? #47321
    dbs
    Member

    @fulvio wrote:

    The manager user shares the password with admin.

    Changing the rootbinddn to ‘manager’ allowed it to work – now ‘id’ operations are working, but logins still are not.

    Is there a guide to setting up Kerberos to work with Zeroshell?

    in reply to: LDAP Client configuration for authentication? #47319
    dbs
    Member

    I do apologize for the n00b questions – authentication services are relatively new for me (though I used to admin NIS servers. Weep for me)

    @fulvio wrote:

    Use
    rootbinddn cn=manager,dc=interlude,dc=homeport,dc=org
    or anonymous bind.

    Hmm, I don’t have a login called ‘manager’. I do have the default ‘admin’ account – that’s what I’ve been using – should I not use that? Also, does this negate the need for ‘bindpw’?

    @fulvio wrote:

    Do not forget that Zeroshell uses LDAP only for authorisation. The authentication is managed by Kerberos5 and hence the hash of the password is not stored in LDAP.

    Alright, I barely know Kerberos, so I need to learn that. What I understand here is that I must set up a Kerberos server/client configuration (get a client key generated, etc), and set up the shared keys – LDAP will be used for authorization (“Yes, there’s a person named bob”), and k5 will be used for authentication (“and they can access this machine.”) ?

    Thanks again!

    dbs
    Member

    @vmv4 wrote:

    Firefox should be closed, including all tabs and ‘Downloads’ window after saving Zeroshell profile to be able to accept new certificate.

    That did it, thanks. I now have a happy Linux box authenticating against Zeroshell via LDAP. Yay!
