Bass 's Blog (เขียน Blog แบบ บ่นๆ ตามฉบับ นายเบส) » desktop http://bass.bns.in.th ที่เขียนเรื่องบ้าๆ บ่อๆ กับความรู้ ของนายเบส ($BASS = "Bass"; print "$BASS = 9Bass";) ปล. สถาที่นี้เป็นที่ส่วนบุคคล โปรดใช้วิจรญาณในการรับชมด้วยครับ Thu, 11 Mar 2010 10:02:09 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 Ubuntu 8.04 Hardy LDAP Client เอาไว้ทดลอง http://bass.bns.in.th/2009/12/11/ubuntu-8-04-hardy-ldap-client-%e0%b9%80%e0%b8%ad%e0%b8%b2%e0%b9%84%e0%b8%a7%e0%b9%89%e0%b8%97%e0%b8%94%e0%b8%a5%e0%b8%ad%e0%b8%87/ http://bass.bns.in.th/2009/12/11/ubuntu-8-04-hardy-ldap-client-%e0%b9%80%e0%b8%ad%e0%b8%b2%e0%b9%84%e0%b8%a7%e0%b9%89%e0%b8%97%e0%b8%94%e0%b8%a5%e0%b8%ad%e0%b8%87/#comments Thu, 10 Dec 2009 17:50:37 +0000 bass http://bass.bns.in.th/?p=410

Ubuntu 7.10 was a nightmare when it came to setting up ldap, but 8.04 improves this process quite a bit.

We are going to set up a Hardy client on a desktop machine, which involves using NFS (for /home) and allowing all desktop users to do desktop tasks.

apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nfs-common nscd

Answer the questions; unlike Debian they should actually be put in the configuration file.

Make sure to transfer over your certifiate if you use SSL. I like to use /etc/ldap/ssl

Edit /etc/ldap.conf (which both libnss and libpam use).

host 192.168.1.1
base dc=example,dc=com

#This is important! Don’t use ldap:///192.168.1.1
uri ldap://example.com/
ldap_version 3
rootbinddn cn=admin,dc=example,dc=com
port 389
bind_policy soft
pam_password crypt
ssl start_tls
tls_checkpeer no
tls_cacertfile /etc/ldap/ssl/cert.pem
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,daemon,dhcp,games,gdm,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,news,polkituser,proxy,pulse,root,sync,sys,syslog,uucp,www-data

Now edit /etc/ldap/ldap.conf

BASE    dc=example,dc=com
URI    ldap://example.com
TLS_CACERT /etc/ldap/ssl/cert.pem
TLS_REQCERT never

/etc/pam.d/common-account

account    sufficient   pam_ldap.so
account    required     pam_unix.so

/etc/pam.d/common-auth

auth       sufficient   pam_ldap.so
auth       required     pam_unix.so nullok_secure use_first_pass

/etc/pam.d/common-password

password   sufficient   pam_ldap.so
password   required     pam_unix.so nullok obscure min=4 max=8 md5

/etc/pam.d/common-session

session    required     pam_unix.so
session    required     pam_mkhomedir.so skel=/etc/skel/
session    optional     pam_ldap.so

/etc/nsswitch.conf

passwd: files ldap

group: files ldap

shadow: files ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

Now we want to make sure users are assigned to the correct groups when they log in, so add the following to /etc/security/groups.conf

gdm;*;*;Al0000-9000;floppy,audio,cdrom,video,plugdev,scanner

Hal does not recognize this, however, so delete the following entries from /etc/dbus-1/system.d/hal.conf

<deny send_interface=”org.freedesktop.Hal.Device.Volume”/>
<deny send_interface=”org.freedesktop.Hal.Device.Volume.Crypto”/>

We need to edit /etc/pam.d/gdm for the groups.conf file to take effect, so add the following

auth optional pam_group.so

As root, run

nss_updatedb ldap

To mount /home over NFS, add the following to /etc/fstab

192.168.1.1:/home       /home   nfs defaults 0 0

Refer : http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/

]]> http://bass.bns.in.th/2009/12/11/ubuntu-8-04-hardy-ldap-client-%e0%b9%80%e0%b8%ad%e0%b8%b2%e0%b9%84%e0%b8%a7%e0%b9%89%e0%b8%97%e0%b8%94%e0%b8%a5%e0%b8%ad%e0%b8%87/feed/ 0