LDAP Client
From Maze's wiki
Unix/Linux
apt-get install libnss-ldap
- LDAP server Uniform Resource Identifier: <ldap://ipaddress>
- Distinguished name of the search base: <dc=example,dc=com>
- LDAP version to use: <3>
- LDAP account for root: <cn=admin,dc=example,dc=com>
- Make local root Database admin. <Yes>
- Does the LDAP database require login? <No>
- LDAP account for root: <cn=admin,dc=example,dc=com>
Change these lines in /etc/nsswitch.conf
passwd: compat ldap group: compat ldap shadow: compat ldap
PAM >= 1.0.1-6
Use
pam-auth-update
- enable LDAP
PAM <= 1.0.1-6
Replace /etc/pam.d/common-account with:
account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so
Replace /etc/pam.d/common-auth with:
auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so
Replace /etc/pam.d/common-password with:
password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so
Replace /etc/pam.d/common-session with:
session required pam_limits.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 session required pam_unix.so session optional pam_ldap.so
Reboot
Reboot the system in order to activate the new PAM configuration.
Windows
Windows XP/2000 clients are ready to be joined to the domain. Only for Windows 7 and Vista clients a couple of changes are mandatory:
- start secpol.msc
- Change Local Policies -> Security Options -> Network Security: LAN Manager authentication level to "Send LM & NTLM - use NTLMv2 session security if negotiated"
Also the registry needs some edits:
- Start regedit
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\LanmanWorkstation\Parameters
- Add DWORD: DomainCompatibilityMode and set it to 1
- Add DWORD: DNSNameResolutionRequired and set it to 0
