tutorial - LDAP Client Authentication

  1. The file "/etc/ldap.conf" is the first file that has to be modified, as it tells the system which LDAP server to authenticate to.

    host yourdomain.com
    base dc=yourdomain,dc=com
    uri ldap://yourdomain.com/
    ldap_version 3
    rootbinddn cn=Manager,dc=yourdomain,dc=com
    scope sub
    timelimit 5
    bind_timelimit 5
    nss_reconnect_tries 2
    pam_login_attribute uid
    pam_member_attribute gid
    pam_password md5
    pam_password exop
    nss_base_passwd ou=People,dc=yourdomain,dc=com
    nss_base_shadow ou=People,dc=yourdomain,dc=com


  2. Now we have to add the password to the file "/etc/ldap.secret" so that we can authenticate to the LDAP server.

    password

  3. Now we have to modify the file "/etc/nsswitch.conf"

    passwd: files ldap
    group: files ldap
    hosts: dns ldap
    services: ldap [NOTFOUND=return] files
    networks: ldap [NOTFOUND=return] files
    protocols: ldap [NOTFOUND=return] files
    rpc: ldap [NOTFOUND=return] files
    ethers: ldap [NOTFOUND=return] files
    netmasks: files
    bootparams: files
    publickey: files
    automount: files
    sendmailvars: files
    netgroup: ldap [NOTFOUND=return] files

  4. Now it is time to modify the files in the /etc/pam.d/ directory.
    The first file to be modified is "/etc/pam.d/login"


    auth sufficient pam_ldap.so
    account sufficient pam_ldap.so
    password sufficient pam_ldap.so
    session sufficient pam_ldap.so

    auth requisite pam_securetty.so
    auth requisite pam_nologin.so
    auth sufficient pam_ldap.so
    auth required pam_unix.so use_first_pass
    auth required pam_tally.so onerr=succeed file=/var/log/faillog
    account required pam_access.so
    account required pam_time.so
    account required pam_unix.so
    account sufficient pam_ldap.so
    password sufficient pam_ldap.so
    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
    session required pam_unix.so
    session required pam_env.so
    session required pam_motd.so
    session required pam_limits.so
    session optional pam_mail.so dir=/var/spool/mail standard
    session sufficient pam_ldap.so
    session optional pam_lastlog.so


  5. Now we modify "/etc/pam.d/shadow"

    auth sufficient pam_ldap.so
    account sufficient pam_ldap.so
    password sufficient pam_ldap.so
    session sufficient pam_ldap.so

    auth sufficient pam_rootok.so
    auth required pam_unix.so
    auth sufficient pam_ldap.so use_first_pass
    account required pam_unix.so
    account sufficient pam_ldap.so
    session required pam_unix.so
    session sufficient pam_ldap.so
    password sufficient pam_ldap.so
    password required pam_permit.so



  6. Now we modify "/etc/pam.d/passwd"

    password sufficient pam_ldap.so

    password sufficient pam_ldap.so
    password required pam_unix.so shadow nullok



  7. Now we modify "/etc/pam.d/su"

    auth sufficient pam_ldap.so
    account sufficient pam_ldap.so
    session sufficient pam_ldap.so

    auth sufficient pam_ldap.so
    auth sufficient pam_rootok.so
    auth required pam_unix.so use_first_pass
    account sufficient pam_ldap.so
    account required pam_unix.so
    session sufficient pam_ldap.so
    session required pam_unix.so


  8. Now we modify "/etc/pam.d/sudo"

    auth sufficient pam_ldap.so

    auth sufficient pam_ldap.so
    auth required pam_unix.so use_first_pass
    auth required pam_nologin.so

  9. In the file "/etc/pam.d/sshd" you have to add 3 entries, one for auth, one for account, and one for session.

    auth sufficient pam_ldap.so
    account sufficient pam_ldap.so
    password required pam_ldap.so


    auth required pam_nologin.so
    auth sufficient pam_ldap.so
    auth required pam_env.so
    auth required pam_unix.so use_first_pass
    account sufficient pam_ldap.so
    account required pam_unix.so
    account required pam_time.so
    password required pam_ldap.so
    password required pam_unix.so
    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
    session required pam_unix_session.so
    session sufficient pam_ldap.so
    session required pam_limits.so
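
A check for the files from steps 1 and 2, as an added example that is not part of the original tutorial: it flags an ldap:// URI that is not paired with `ssl start_tls` (binds, including the rootbinddn password, then cross the network unencrypted), a `pam_password` keyword given with two different values, and an /etc/ldap.secret that other users can read. The finding names and the `owner_uid` parameter are assumptions of this sketch; `ssl` and `tls_checkpeer` are keywords of the pam_ldap/nss_ldap ldap.conf format.

```python
import os
import stat

# Constructed sample: the transport and password lines of step 1's /etc/ldap.conf.
SAMPLE_CONF = """\
uri ldap://yourdomain.com/
rootbinddn cn=Manager,dc=yourdomain,dc=com
pam_password md5
pam_password exop
"""

def parse_conf(text):
    """Return {keyword: [values]}, keeping every occurrence of a keyword."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            value = parts[1].strip() if len(parts) > 1 else ""
            conf.setdefault(parts[0].lower(), []).append(value)
    return conf

def audit_conf(text):
    """Return a list of findings (names are this example's own)."""
    conf, findings = parse_conf(text), []
    uris = " ".join(conf.get("uri", [])).split()
    ssl = conf.get("ssl", [""])[-1].lower()
    if ssl != "start_tls" and any(u.startswith("ldap://") for u in uris):
        findings.append("ldap-uri-without-start_tls")   # bind is sent in the clear
    uses_tls = ssl == "start_tls" or any(u.startswith("ldaps://") for u in uris)
    if uses_tls and conf.get("tls_checkpeer", [""])[-1].lower() != "yes":
        findings.append("tls_checkpeer-not-yes")        # cert check left to library default
    if len(set(conf.get("pam_password", []))) > 1:
        findings.append("conflicting-pam_password")     # one keyword, two values
    return findings

def secret_is_private(path, owner_uid=0):
    """True when the bind-password file belongs to owner_uid and grants
    no permission bits to group or others (mode 0600 or stricter)."""
    st = os.stat(path)
    return st.st_uid == owner_uid and (stat.S_IMODE(st.st_mode) & 0o077) == 0

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
    if os.path.exists("/etc/ldap.secret"):
        print("ldap.secret private:", secret_is_private("/etc/ldap.secret"))
```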

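
How the control flags in the step 4 login file decide which modules run, as an added example (a simplified model of required/requisite/sufficient/optional, not PAM's own code and not from the original tutorial). It shows that a successful `sufficient pam_ldap.so` ends the auth stack, so pam_tally.so never runs for that login, and that placing the pam_ldap line first also skips pam_securetty.so and pam_nologin.so.

```python
# Added example: a simplified model of Linux-PAM control flags, not PAM itself.
# LOGIN_AUTH is the auth section of the /etc/pam.d/login file from step 4.
LOGIN_AUTH = """\
auth requisite pam_securetty.so
auth requisite pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
auth required pam_tally.so onerr=succeed file=/var/log/faillog
"""

def parse(text, facility="auth"):
    """Return [(control, module)] for one facility, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def walk(stack, failing=()):
    """Walk the stack; modules listed in `failing` return an error.
    Returns (granted, modules_that_ran)."""
    ran, required_failed, succeeded = [], False, False
    for control, module in stack:
        ran.append(module)
        ok = module not in failing
        if control == "optional":
            continue                      # result ignored in this model
        if ok:
            succeeded = True
            if control == "sufficient" and not required_failed:
                return True, ran          # success ends the stack here
        elif control == "requisite":
            return False, ran             # failure ends the stack here
        elif control == "required":
            required_failed = True        # remembered, stack continues
    return succeeded and not required_failed, ran

def skipped(text, failing=(), facility="auth"):
    """Modules that never run for the given outcome."""
    stack = parse(text, facility)
    ran = walk(stack, failing)[1]
    return [m for _, m in stack if m not in ran]

if __name__ == "__main__":
    # Assumed case: directory user, pam_ldap succeeds, pam_unix would fail.
    print("LDAP login skips:", skipped(LOGIN_AUTH, failing={"pam_unix.so"}))
    # Same login when the pam_ldap line is placed at the top of the file.
    moved = "auth sufficient pam_ldap.so\n" + LOGIN_AUTH
    print("pam_ldap first skips:", skipped(moved, failing={"pam_unix.so"}))
```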


Source: http://linuxpoison.blogspot.com/2008/10/13578175714218.html
