
Tuesday, August 29, 2006

Adding my existing CentOS Box to also authenticate to my LDAP Server

Ok, since I can now authenticate to my LDAP Server from my Mandriva box, I want to add the existing CentOS box that acted as a fileserver and dial-in server to authenticate to the same LDAP Server.

On the CentOS box, I have the following packages installed:

openldap-2.2.13-4
nss_ldap-226-10
compat-openldap-2.1.30-4
openldap-clients-2.2.13-4

On this box, I don't have X running, so all the configuration is done via the CLI. To start with, I open the console, log in as root, then run authconfig; when prompted, make sure to enable the LDAP authentication method.

OK, on my box, after doing that, it should have automatically modified /etc/nsswitch.conf, but it didn't (or maybe I'm wrong), so I manually modified /etc/nsswitch.conf:



passwd: files ldap
shadow: files ldap
group: files ldap



I added the word ldap after the word files, so the machine can still log in using the local users in case the LDAP server is not available.

Below are my working config files, which also allow LDAP users to change their own password using the command passwd:

/etc/pam.d/system-auth


#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so
auth sufficient /lib/security/$ISA/pam_ldap.so likeauth nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account sufficient /lib/security/$ISA/pam_ldap.so
#account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so

session optional /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so



and my /etc/pam.d/passwd file


#%PAM-1.0
#auth required pam_stack.so service=system-auth
#account required pam_stack.so service=system-auth
#password required pam_stack.so service=system-auth
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8



and my /etc/ldap.conf


#I'm using stunnel, so the value of host should be localhost
host 127.0.0.1
base dc=duriancity,dc=dvo
ldap_version 3
scope one
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute gid
pam_password crypt
nss_base_passwd dc=duriancity,dc=dvo?sub
nss_base_passwd ou=People,dc=duriancity,dc=dvo?one
nss_base_shadow dc=duriancity,dc=dvo?sub
nss_base_group dc=duriancity,dc=dvo?sub
ssl no



and create the file /etc/stunnel/stunnel.conf


chroot = /home/stunnel
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel
#configure logging
debug = 7
output = /var/log/messages
#client mode
client = yes
#Service level config
[ldap]
accept = 389
connect = 172.16.0.250:636


Then create the user stunnel and lock that user.

To test if it's working, issue the command


getent passwd


It should display the LDAP users together with the other existing local users.
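A check for the stunnel client configuration above, added here as an example and not part of the original post: with `accept = 389` the plaintext side of the tunnel listens on every local address, and with no `verify` line stunnel does not check the LDAP server's certificate. The function name `audit_stunnel_conf`, the hardened sample and its CAfile path are assumptions; `verifyChain` and `verifyPeer` are accepted as the newer stunnel equivalents of `verify`.

```sh
#!/bin/sh
# Added example (not from the original post): audit a stunnel client config.
# Prints one finding per line; prints nothing when the config passes.
audit_stunnel_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
        if (svc == "") return
        # "accept = 389" has no host part, so stunnel listens on every address
        if (("accept" in o) && o["accept"] !~ /^(127\.0\.0\.1|localhost|::1):/)
            print svc ": plaintext listener " o["accept"] " is not loopback-only"
        # client mode with no verify level >= 2 leaves the server cert unchecked
        if (o["client"] == "yes" && o["verify"] + 0 < 2 &&
            o["verifyChain"] != "yes" && o["verifyPeer"] != "yes")
            print svc ": server certificate is not verified"
    }
    /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
    /^[ \t]*\[/ {                               # start of a [service] section
        report()
        svc = $0; sub(/^[ \t]*\[/, "", svc); sub(/\].*$/, "", svc)
        split("", o); for (k in g) o[k] = g[k]  # inherit global defaults
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = trim(substr($0, 1, i - 1)); v = trim(substr($0, i + 1))
        if (svc == "") g[k] = v; else o[k] = v
    }
    END { report() }' "$1"
}
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# Constructed sample 1: the service settings from the post.
cat > "$tmp/post.conf" <<'EOF'
client = yes
[ldap]
accept = 389
connect = 172.16.0.250:636
EOF
# Constructed sample 2: hardened variant; the CAfile path is hypothetical.
cat > "$tmp/hardened.conf" <<'EOF'
client = yes
verify = 2
CAfile = /etc/stunnel/ldap-ca.pem
[ldap]
accept = 127.0.0.1:389
connect = 172.16.0.250:636
EOF
echo "post:";     audit_stunnel_conf "$tmp/post.conf"
echo "hardened:"; audit_stunnel_conf "$tmp/hardened.conf"
```

With `accept = 127.0.0.1:389` the `host 127.0.0.1` line in /etc/ldap.conf keeps working unchanged, since pam_ldap and nss_ldap only ever connect to the loopback address.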
