Configure an openSUSE desktop for LDAP authentication

Install the nss_ldap and pam_ldap packages:

# Install the LDAP name-service (nss_ldap) and PAM (pam_ldap) modules that the
# rest of this page configures.
packages=(nss_ldap pam_ldap)
yast -i "${packages[@]}"

Create /etc/auth_ldap.conf, the configuration file that pam_ldap is pointed at below:

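# Write the pam_ldap configuration (referenced as config=/etc/auth_ldap.conf
# from the PAM stack).  The server is addressed with an ldaps:// URI, i.e. TLS
# from the first byte, so "ssl on" is the matching directive; the original file
# also carried "ssl start_tls", which applies to a plain ldap:// URI and
# contradicts "ssl on", so that line is dropped here.
# NOTE(review): certificate verification is left at the client library's
# default; add "tls_checkpeer yes" if it should be enforced explicitly against
# the CA certificates in tls_cacertdir.
# The delimiter is quoted so nothing in the file body is ever expanded.
cat <<'EOF' >/etc/auth_ldap.conf
ssl on

uri ldaps://ldap.uab.edu/

base ou=people,dc=uab,dc=edu

tls_cacertdir /etc/ssl/certs
EOF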

Edit /etc/pam.d/common-auth so that pam_ldap is tried after the local pam_unix2 check:

# Make the local pam_unix2 check "sufficient" and fall through to pam_ldap with
# the password already collected (use_first_pass), reading the pam_ldap
# settings from /etc/auth_ldap.conf.  --backup keeps the pre-patch file as
# common-auth.orig; the hunk is line-number based and only applies to the
# stock line 15.
# NOTE(review): after this change the visible part of the stack ends in two
# "sufficient" lines; the conventional safety net is a trailing
# "auth required pam_deny.so" so the result does not depend on what follows
# — confirm against the full file.
patch --backup --ignore-whitespace --directory=/etc/pam.d common-auth <<'EOF'
15c15,16
< auth  required        pam_unix2.so
---
> auth    sufficient      pam_unix2.so
> auth    sufficient      pam_ldap.so use_first_pass config=/etc/auth_ldap.conf
EOF

Replace /etc/ldap.conf (keeping a copy of the original as ldap.conf.orig):

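# Replace the nss_ldap configuration used for passwd/shadow/group lookups.
# The cd is checked so that a failure cannot leave the relative paths below
# pointing at whatever the current directory happens to be, and the shipped
# file is copied to ldap.conf.orig only once, so a re-run does not overwrite
# the original with the already-modified file.
cd /etc || exit 1
[[ -e ldap.conf.orig ]] || cp -p ldap.conf ldap.conf.orig
# NOTE(review): these lookups use a plain ldap:// URI with no ssl/tls
# directive, so directory data (including whatever the shadow base returns
# to this bind) crosses the network unencrypted — confirm that is acceptable.
# The delimiter is quoted so nothing in the file body is ever expanded.
cat <<'EOF' >ldap.conf

host metric.it.uab.edu

base dc=nis,dc=lab,dc=ac,dc=uab,dc=edu

pam_filter objectclass=account

nss_base_passwd ou=People,dc=nis,dc=lab,dc=ac,dc=uab,dc=edu?one
nss_base_shadow ou=People,dc=nis,dc=lab,dc=ac,dc=uab,dc=edu?one
nss_base_group          ou=Group,dc=nis,dc=lab,dc=ac,dc=uab,dc=edu?one

# bind work-around for nss_ldap connection polling 
# due to network dependency during boot of openSUSE 11
bind_policy soft

uri ldap://metric.it.uab.edu/
pam_password_prohibit_message Please visit http://www.uab.edu/blazerid/ to change your password.
EOF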

Turn on LDAP account lookups in nsswitch.conf:

# Switch passwd and group resolution from "compat" to local files first, then
# LDAP.  --backup keeps the pre-patch file as nsswitch.conf.orig; the hunk is
# line-number based and only applies to the stock lines 29-30.
patch --backup --ignore-whitespace --directory=/etc nsswitch.conf <<'EOF'
29,30c29,30
< passwd: compat
< group:  compat
---
> passwd: files ldap
> group:  files ldap
EOF

Enable access to the network home and group directories via autofs:

#
# Create the automount configuration files.
#
# auto.master: replace the "+auto.master" include line with the /net, /groups
# and /home maps.  --backup keeps auto.master.orig; the hunk is line-number
# based and only applies to the stock line 18.
# NOTE(review): "--t 3600" is presumably an abbreviation of automount's
# --timeout option — confirm this autofs version accepts it.
patch --backup --ignore-whitespace --directory=/etc auto.master <<'EOF'
18c18,20
< +auto.master
---
> /net    /etc/auto.net
> /groups /etc/auto.groups --t 3600
> /home /etc/auto.home --t 3600
EOF
# auto.home / auto.groups: wildcard maps; the lookup key is substituted for
# each "&" in the location.  Delimiters are quoted so the bodies are written
# verbatim.
cat <<'EOF' >/etc/auto.home
*               -rw,hard,intr   &.users:/export/disk/users/&
EOF
cat <<'EOF' >/etc/auto.groups
*             -rw,hard,intr   &.groups:/export/disk/groups/&
EOF

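#
# Create the mount points.
#
# The existing local home directories are moved aside to /lhome before /home
# becomes an autofs mount point.  If /lhome already exists, mv would nest
# /home underneath it and the fresh mkdir /home would silently hide the old
# directories, so abort in that case; also stop if the move itself fails so
# an empty /home is never created on top of the real one.
if [[ -e /lhome ]]; then
  printf '%s\n' '/lhome already exists; refusing to move /home' >&2
  exit 1
fi
mv /home /lhome || exit 1
mkdir /home /groups /net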

#
# Enable autofs at boot and start it now so the mount points above go live.
#
chkconfig autofs on
service autofs start

Restart the affected services:

#
# Restart the services that must pick up the new name-service configuration:
# nscd caches lookup results and sshd authenticates users through PAM.
#
for svc in nscd sshd; do
  service "$svc" restart
done

Set up the lab printer according to the PrinterConfig notes.

If VMware Server is installed, it has its own pam.d configuration file, which also needs to be modified to accept the network authentication configuration:

# Same change as for common-auth above, for the PAM file used by VMware
# Server: make the local pam_unix_auth check "sufficient" and try pam_ldap
# afterwards with the same password.  The "nullok" flag is carried over
# unchanged from the existing line.
# NOTE(review): the target here is again common-auth, but the text above says
# VMware has its own pam.d file and this hunk's line 3 does not match the
# common-auth line patched earlier — confirm the intended filename before
# running this; as written it will either fail to apply or patch the wrong
# file and may replace common-auth.orig.
patch --backup --ignore-whitespace --directory=/etc/pam.d common-auth <<'EOF'
3c3,4
< auth       required         /lib/security/pam_unix_auth.so shadow nullok
---
> auth       sufficient         /lib/security/pam_unix_auth.so shadow nullok
> auth    sufficient      pam_ldap.so use_first_pass config=/etc/auth_ldap.conf
EOF