user:bewanyk:portfolio:ldap-client-install

Differences

This shows you the differences between two versions of the page.

user:bewanyk:portfolio:ldap-client-install [2011/04/04 18:57] – [Verify Installation] bewanyk
user:bewanyk:portfolio:ldap-client-install [2011/04/04 19:02] (current) – [References:] bewanyk
Line 1: Line 1:
 +======LDAP Clinet Installation and Configuration.======
 +=====Preparation of virtual machine.=====
 +  * Log onto the virtual machine, created for use as a LDAP client, as root using the password set at VM creation.
 +<cli>~$ ssh root@vm31.student.lab
 +Warning: Permanently added 'vm31.student.lab,10.80.3.31' (RSA) to the list of known hosts.
 +root@vm31.student.lab's password:Li0p13ur0d0n</cli>
 +  * Use pico to edit the '/etc/hosts' file and change the beginning of the file matchs the following:
 +<cli>127.0.0.1      localhost
 +10.80.3.31     vm31.student.lab vm31
 +10.80.3.36     vm36.student.lab vm36
 +#The following lines are desireable for IPv6 capable hosts
 +</cli>
 +  * Install the ssh nmap packages using the command 'apt-get install ssh nmap'
 +    * Press <Y> and <Enter> when prompted.
 +  *Confirm the LDAP server is available on the network using the command 'nmap -p 389 vm36.student.lab'
 +    * Port state and service should read as "389/tcp open  ldap"
 +=====OpenLDAP Client Install.=====
 +  * Install the client packages needed using the command 'apt-get install libnss-ldap libpam-ldap nscd'
 +    * When prompted enter 'ldap://vm36.student.lab' and press <Enter>.
 +    * When prompted change the default entry to 'dc=student,dc=lab' and press <Enter>.
 +    * When prompted select "3" using the arrow keys and press <Enter>.
 +    * When prompted change the default entry to 'cn=manager,dc=student,dc=lab' and press <Enter>.
 +    * When prompted for a password press <Enter>.
 +      * DO NOT ENTER A PASSWORD AT THIS POINT!
 +    * When prompted press <Enter>.
 +    * When prompted select "<No>" using the arrow keys and press <Enter>.
 +    * When prompted select "<No>" using the arrow keys and press <Enter>.
 +  * Install the LDAP utilities package using the command 'apt-get install ldap-utils' and press <Enter>.
 +  * Reconfigure the //debconf// of //libnns-ldap// using the command 'dpkg-reconfigure libnss-ldap' and press <Enter>.
 +    * When prompted, confirm the entry reads "ldap://vm36.student.lab" and press <Enter>.
 +    * When prompted, confirm the entry reads "dc=student,dc=lab" and press <Enter>.
 +    * When prompted use the arrows to select "3" and press <Enter>.
 +    * When prompted use the arrows to select "<No>" and press <Enter>.
 +    * When prompted use the arrows to select "<No>" and press <Enter>.
 +    * When prompted use the arrows to select "<No>" and press <Enter>.
 +    * Press <Enter> to select "<Ok>".
 +====ldap.conf====
 +  * Use pico to edit the //"/etc/ldap/ldap.conf"// file using the command 'pico /etc/ldap/ldap.conf' and change the BASE and URI lines to match the following:
 +<cli>BASE     dc=student,dc=lab
 +URI     ldap://vm36.student.lab ldap://vm36.student.lab:665</cli>
 +    * Save and exit usint the <Ctrl>+<X> command.
 +====nsswitch.conf====
 +  * Stop the nscd daemon using the command '/etc/init.d/nscd stop'
 +  * Use pico to edit the nsswitch.conf file by typing the command 'pico /etc/nsswitch.conf' and pressing <Enter>.
 +    * Change the passwd, group, shadow, and hosts entries to match the following:
 +<cli>
 +passwd:          ldap files
 +group:           ldap files
 +shadow:          ldap files
  
 +hosts:           files dns</cli>
 +    * Save and exit using the <Ctrl>+<X> command. 
 +  * Use the command '/etc/init.d/nscd restart' and then the <Enter> key to restart the Name Service Cache Daemon.
 +====PAM Configuration====
 +  * Use pico to edit the common-session file using the command 'pico /etc/pam.d/common-session'
 +    * Add the following line to the end of the file:
 +  session required          pam_mkhomedir.so
 +    * Save and exit using the <Ctrl>+<X> command.
 +====Verify Installation====
 +  * Confirm installation using the following command:
 +
 +  ~# id genUsr
 +
 +      * The response should look like:
 +<cli>uid=20000(genUsr) gid=20000 groups=20000</cli>
 +=====References:=====
 +[[http://www.rjsystems.nl/en/2100-d6-openldap-client.php|TechNotes - OpenLDAP client on Debian Squeeze]]
 +
 +[[http://www.rjsystems.nl/en/2100-pam-debian.php|PAM configuration guide for Debian]]
 +
 +[[http://www.faqs.org/rfcs/rfc3377.html|RFC 3377 - LDAP]]
 +
 +[[http://www.faqs.org/rfcs/rfc2251.html|RFC 2251 - LDAP]]
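
Review bot: The ssh transcript in the "Preparation of virtual machine" step prints the root password after the "password:" prompt, so the credential is now stored in the page and in its revision history; replace it with a placeholder such as <root password> and change the password on vm31. Separately, every server reference in this revision (the debconf answers, the 'dpkg-reconfigure libnss-ldap' confirmation and the URI line in /etc/ldap/ldap.conf) uses ldap:// and no step enables StartTLS, so binds made through libpam-ldap send user passwords to vm36 unencrypted; switch to ldaps:// or add the TLS settings to the client configuration. The second URI, ldap://vm36.student.lab:665, also deserves a check: it pairs the ldap:// scheme with a non-default port, and if LDAPS was intended the scheme is ldaps:// and the registered port is 636.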