Administrace komentářů

zdravim vsechny! obracim se zas po dobe s problemem: ldap uzivatele se autorizuji proti ldaps serveru se sdilenym nfs oddilem, vse funguje jak ma az na jednu dulezitou vec: pri prvnim prihlaseni uzivatele se nevytvori homedir se spravnymi pravy, tudiz v adresari nejdou vytvorit potrebne subfoldery a gnome-login se kousne ..., jsem si na 90 procent jistej, ze ldap-auth/pam.d/nsswitch jsou nastaveny OK, getent vraci vse jak ma, nicmene v auth.log(klienti) se objevuji hlasky typu "unable to connect ldaps://XX.XX.XX.XX" ..., "homedir" se vytvori jako "nobody:nogroup" coz nechapu proc, kdyz pote upravim vlastnika, funguje vse jak ma ..., jeste dodam, ze mam upraven /etc/network/interfaces tak, aby sel login wireless .... predem diky za napady, prikladam configy:

/etc/ldap.conf

#ldap-tls
host 192.168.4.4
base dc=mottaket,dc=no
uri ldaps://192.168.4.4
ldap_version 3
rootbinddn cn=admin,dc=mottaket,dc=no
pam_password md5
ssl on
tls_checkpeer no
tls_cacertfile /etc/ldap/tls-cert/cacert.pem

ldap_profil

[open_ldap]
nss_passwd=passwd: compat ldap
nss_group=group: compat ldap
nss_shadow=shadow: compat ldap
nss_netgroup=netgroup: compat ldap

pam_auth=auth       required     pam_env.so
 auth       sufficient   pam_unix.so likeauth nullok
 auth       sufficient   pam_ldap.so use_first_pass
 auth       required     pam_deny.so
pam_account=account    sufficient   pam_unix.so
 account    sufficient   pam_ldap.so
 account    required     pam_deny.so
pam_password=password   sufficient   pam_unix.so nullok md5 shadow use_authtok
 password   sufficient   pam_ldap.so use_first_pass
 password   required     pam_deny.so
pam_session=session    required     pam_limits.so
 session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0077
 session    required     pam_unix.so
 session    optional     pam_ldap.so

klienti maj defaulni PXE install s postinstall. skriptem:

#!/bin/bash
# wireless before login
# to add to /etc/network/interfaces

echo -e "auto wlan0 \n iface wlan0 inet dhcp \n #pre-up sleep 20 \n wpa-passphrase windows7isdead \n wpa-driver wext \n wpa-key-mgmt WPA-PSK \n wpa-proto WPA \n wpa-ssid XXX-XXX-XXX" >> /etc/network/interfaces

#some dir creation
mkdir /home/ldaphome
mkdir /etc/ldap/tls-cert
cp cacert.pem /etc/ldap/tls-cert/

#apt programs
#apt-get purge -y network-manager
apt-get install -y nfs-common libpam-ldap

cp open_ldap /etc/auth-client-config/profile.d/
auth-client-config -a -p open_ldap
#auth-client-config -t nss -p open_ldap #karmic


cp /etc/ldap.conf /etc/ldap.conf.backup
cp ldap.conf /etc

#to add to /etc/fstab
echo "192.168.4.4:/home/ldaphome /home/ldaphome nfs rsize=8192,wsize=8192,timeo=14,intr" >> /etc/fstab

#to /etc/hosts
echo "192.168.4.4 dc-grubben.mottaket.no dc-grubben" >> /etc/hosts

#to /etc/cups/client.conf
echo -e "ServerName 192.168.4.4 \nEncryption IfRequested" >> /etc/cups/client.conf

#apt-get update auto
cp shutdown-apt-upgrade.sh /etc/init.d/
chmod +x /etc/init.d/shutdown-apt-upgrade.sh
#cp shutdown-apt-upgrade.sh /etc/init.d/
update-rc.d shutdown-apt-upgrade.sh stop 10 0 .

#apt-remove
apt-get purge -y network-manager
exit 0

distro je ubuntu 8.04 lts na serveru a 9.10 na klientech, nfs share ma chmod 777 pro test ... peknej vikend vsem!!!

k.