Difference between revisions of "LDAP Client"

From Maze's wiki
Jump to: navigation, search
 
Line 1: Line 1:
 +
=Unix/Linux=
 
<pre>
 
<pre>
 
apt-get install libnss-ldap
 
apt-get install libnss-ldap
Line 17: Line 18:
 
</pre>
 
</pre>
  
=PAM >= 1.0.1-6=
+
==PAM >= 1.0.1-6==
 
Use
 
Use
 
<pre>
 
<pre>
Line 23: Line 24:
 
</pre>
 
</pre>
 
*enable LDAP
 
*enable LDAP
=PAM <= 1.0.1-6=
+
==PAM <= 1.0.1-6==
 
Replace /etc/pam.d/common-account with:
 
Replace /etc/pam.d/common-account with:
 
<pre>
 
<pre>
Line 50: Line 51:
 
session        optional        pam_ldap.so
 
session        optional        pam_ldap.so
 
</pre>
 
</pre>
=Reboot=
+
==Reboot==
 
Reboot the system in order to activate the new PAM configuration.
 
Reboot the system in order to activate the new PAM configuration.
 +
=Windows=
 +
Windows XP/2000 clients are ready to be joined to the domain. Only for Windows 7 and Vista clients a couple of changes are mandatory:
 +
*start secpol.msc
 +
*Change Local Policies -> Security Options -> Network Security: LAN Manager authentication level to "Send LM & NTLM - use NTLMv2 session security if negotiated"
 +
Also the registry needs some edits:
 +
*Start regedit
 +
*Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\LanmanWorkstation\Parameters
 +
*Add DWORD: DomainCompatibilityMode and set it to 1
 +
*Add DWORD: DNSNameResolutionRequired and set it to 0

Latest revision as of 08:39, 16 June 2010

Unix/Linux

apt-get install libnss-ldap
  • LDAP server Uniform Resource Identifier: <ldap://ipaddress>
  • Distinguished name of the search base: <dc=example,dc=com>
  • LDAP version to use: <3>
  • LDAP account for root: <cn=admin,dc=example,dc=com>
  • Make local root Database admin. <Yes>
  • Does the LDAP database require login? <No>
  • LDAP account for root: <cn=admin,dc=example,dc=com>

Change these lines in /etc/nsswitch.conf 

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

PAM >= 1.0.1-6

Use 

pam-auth-update
  • enable LDAP

PAM <= 1.0.1-6

Replace /etc/pam.d/common-account with: 

account         sufficient      pam_unix.so 
account         sufficient      pam_ldap.so 
account         required        pam_deny.so

Replace /etc/pam.d/common-auth with: 

auth    required        pam_env.so 
auth    sufficient      pam_unix.so likeauth nullok 
auth    sufficient      pam_ldap.so use_first_pass 
auth    required        pam_deny.so

Replace /etc/pam.d/common-password with: 

password        sufficient      pam_unix.so nullok md5 shadow use_authtok 
password        sufficient      pam_ldap.so use_first_pass 
password        required        pam_deny.so

Replace /etc/pam.d/common-session with: 

session         required        pam_limits.so
session         required        pam_mkhomedir.so skel=/etc/skel/ umask=0077
session         required        pam_unix.so
session         optional        pam_ldap.so

Reboot

Reboot the system in order to activate the new PAM configuration.

Windows

Windows XP/2000 clients are ready to be joined to the domain. Only for Windows 7 and Vista clients a couple of changes are mandatory:

  • start secpol.msc
  • Change Local Policies -> Security Options -> Network Security: LAN Manager authentication level to "Send LM & NTLM - use NTLMv2 session security if negotiated"

Also the registry needs some edits:

  • Start regedit
  • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\LanmanWorkstation\Parameters
  • Add DWORD: DomainCompatibilityMode and set it to 1
  • Add DWORD: DNSNameResolutionRequired and set it to 0
Retrieved from "https://www.zeedijk.net/wiki/index.php?title=LDAP_Client&oldid=90"