Install updates if any
############################
root@ip-172-31-8-85:~# sudo apt-get update
Install packages
#####################
root@ip-172-31-8-85:~# sudo apt-get install libnss-ldap libpam-ldap ldap-utils nscd -y
Reconfigure ldap client authentication if required
####################################################
root@ip-172-31-8-85:~# sudo dpkg-reconfigure ldap-auth-config
Follow the steps below to configure client:
(Now your LDAP client is configured)
(The installer does most of the configuration based on the inputs
given in the previous section. But there are still some changes
required for LDAP authentication to work.)
Configure nsswitch.conf to work with LDAP.
######################################
root@ip-172-31-8-85:~# sudo vim /etc/nsswitch.conf
Update the lines as shown below.
# pre_auth-client-config passwd: compat ldap
passwd: files ldap
# pre_auth-client-config group: compat ldap
group: files ldap
# pre_auth-client-config shadow: compat ldap
shadow: files ldap
(Optional: If you want the user's home directory to be created
automatically, do as follows.)
######################################################
root@ip-172-31-8-85:~# sudo vim /etc/pam.d/common-session
(Add the line below to the above file.)
session required pam_mkhomedir.so skel=/etc/skel umask=077
Restart the nscd service.
##########################
root@ip-172-31-2-63:~# sudo service nscd restart
Validate
#################################################
Use the getent command to get the LDAP entries from the LDAP server.
root@ip-172-31-8-85:~# getent passwd shashank
shashank:*:1001:501:shashank:/home/users/shashank:
root@ip-172-31-8-85:~# getent passwd ldapuser
ldapuser:*:1000:501:ldapuser:/home/users/ldapuser:
Check the user logins
######################################
root@ip-172-31-8-85:~# su - shashank
shashank@ip-172-31-8-85:~$ pwd
/home/users/shashank
shashank@ip-172-31-8-85:~$ logout
root@ip-172-31-8-85:~# su - ldapuser
ldapuser@ip-172-31-8-85:~$ pwd
/home/users/ldapuser
ldapuser@ip-172-31-8-85:~$ logout
(It has automatically created the directory on the local system.
You can check with pwd, as done above.)
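The following shell check is an added example, not part of the original post: it confirms that the two files edited above carry the settings shown (local files listed before ldap for passwd, group and shadow, and pam_mkhomedir.so with umask=077). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the nsswitch.conf and common-session edits described above.

# check_nss FILE: pass only if passwd, group and shadow each have an
# uncommented line listing "files" before "ldap".
check_nss() {
    for db in passwd group shadow; do
        awk -v db="$db:" '
            $1 == db {
                f = 0; l = 0
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^#/) break
                    if ($i == "files" && !f) f = i
                    if ($i == "ldap" && !l) l = i
                }
                if (f && l && f < l) ok = 1
            }
            END { exit !ok }
        ' "$1" || { echo "nsswitch: $db lacks 'files ldap'"; return 1; }
    done
}

# check_mkhomedir FILE: pass only if an uncommented session line loads
# pam_mkhomedir.so with umask=077, the value used in the post.
check_mkhomedir() {
    line=$(grep -E '^[[:space:]]*session[[:space:]].*pam_mkhomedir\.so' "$1" | head -n 1)
    [ -n "$line" ] || { echo "pam: pam_mkhomedir.so not enabled"; return 1; }
    mask=$(printf '%s\n' "$line" | sed -n 's/.*umask=\([0-7]*\).*/\1/p')
    case "$mask" in
        077|0077) return 0 ;;
        '') echo "pam: no umask option on pam_mkhomedir line"; return 1 ;;
        *)  echo "pam: umask=$mask is not 077"; return 1 ;;
    esac
}

# Constructed sample files mirroring the settings from the post.
demo=$(mktemp -d)
printf '%s\n' '# pre_auth-client-config passwd: compat ldap' 'passwd: files ldap' \
    'group: files ldap' 'shadow: files ldap' > "$demo/nsswitch.conf"
echo 'session required pam_mkhomedir.so skel=/etc/skel umask=077' > "$demo/common-session"
check_nss "$demo/nsswitch.conf" && check_mkhomedir "$demo/common-session" \
    && echo "sample configuration OK"
# On a real client: check_nss /etc/nsswitch.conf; check_mkhomedir /etc/pam.d/common-session
```

Keeping files ahead of ldap means local accounts such as root still resolve when the LDAP server is unreachable.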