Ldap-аутентификация и pam-mount в Ubuntu 13.10: различия между версиями
Vovan (обсуждение | вклад) (→pam-mount) |
Vovan (обсуждение | вклад) (→Ldap-аутентификация) |
||
Строка 1: | Строка 1: | ||
=Ldap-аутентификация= | =Ldap-аутентификация= | ||
+ | |||
+ | sudo apt-get install ldap-auth-client nscd | ||
+ | |||
+ | sudo auth-client-config -t nss -p lac_ldap | ||
+ | |||
+ | Для ввода компьютера в домен выполнить данный скрипт: | ||
+ | |||
+ | <pre> | ||
+ | #!/bin/bash | ||
+ | if test -z "$1" | ||
+ | then | ||
+ | clear | ||
+ | echo "--------------------------------------------------------------------------" | ||
+ | echo " Sorry. Three parameters required. Try run as:" | ||
+ | echo "" | ||
+ | echo " $0 ldap-server-address proxyuser-password username-for-check " | ||
+ | echo "" | ||
+ | echo " Example:" | ||
+ | echo "" | ||
+ | echo " $0 192.168.1.1 qwerty pupkin " | ||
+ | echo "--------------------------------------------------------------------------" | ||
+ | exit 0 | ||
+ | fi | ||
+ | |||
+ | apt-get install libnss-ldap -y | ||
+ | |||
+ | cp /etc/ldap.conf /etc/ldap.conf.backup | ||
+ | cp /etc/nsswitch.conf /etc/nsswitch.conf.backup | ||
+ | |||
+ | echo " | ||
+ | base ou=Services,dc=calculate | ||
+ | binddn cn=proxyuser,dc=calculate | ||
+ | bindpw $2 | ||
+ | port 389 | ||
+ | ldap_version 3 | ||
+ | bind_policy soft | ||
+ | nss_base_passwd ou=Users,ou=Unix,ou=Services,dc=calculate?one?shadowFlag=1 | ||
+ | nss_base_shadow ou=Users,ou=Unix,ou=Services,dc=calculate?one?shadowFlag=1 | ||
+ | nss_base_group ou=Groups,ou=Unix,ou=Services,dc=calculate?one | ||
+ | pam_password md5 | ||
+ | uri ldap://$1 | ||
+ | nss_initgroups_ignoreusers avahi,avahi-nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,nslcd,nx,openldap,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,usr1cv8,uucp,whoopsie,www-data | ||
+ | " > /etc/ldap.conf | ||
+ | |||
+ | echo " | ||
+ | passwd: files ldap | ||
+ | shadow: files ldap | ||
+ | group: files ldap | ||
+ | |||
+ | hosts: files dns | ||
+ | networks: files dns | ||
+ | |||
+ | services: files ldap | ||
+ | protocols: files ldap | ||
+ | rpc: db files | ||
+ | ethers: db files | ||
+ | netmasks: files | ||
+ | |||
+ | netgroup: nis | ||
+ | bootparams: files | ||
+ | |||
+ | automount: files ldap | ||
+ | aliases: files | ||
+ | |||
+ | session required pam_unix.so | ||
+ | session required pam_mkhomedir.so skel=/etc/skel/ | ||
+ | session optional pam_ldap.so | ||
+ | " > /etc/nsswitch.conf | ||
+ | |||
+ | echo "session required pam_mkhomedir.so skel=/etc/skel/" >> /etc/pam.d/common-session | ||
+ | |||
+ | echo "Check the LDAP-user $3:" | ||
+ | id $3 | ||
+ | echo "----------------------------" | ||
+ | </pre> | ||
=pam-mount= | =pam-mount= |
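Review bot: The added script takes the proxyuser password as `$2` and writes it out as `bindpw $2`, so the secret shows up in the process list and shell history and lands in /etc/ldap.conf, which libnss-ldap clients normally have to be able to read. I would prompt for it with `IFS= read -rs -p 'proxyuser password: ' bindpw` and keep proxyuser a read-only account. The generated config also uses `uri ldap://$1` on port 389 without `ssl start_tls` and `tls_checkpeer yes`, so, unless the link is protected some other way, bind and login passwords travel unencrypted. The three `session … pam_*.so` lines written to /etc/nsswitch.conf are PAM directives rather than nsswitch entries and belong only in /etc/pam.d/common-session. The guard `if test -z "$1"` checks one of the three required parameters and the usage path ends in `exit 0`; `if [ $# -lt 3 ]` with a non-zero exit would stop a partial run from writing an empty `bindpw`.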
Версия 14:51, 11 января 2014
Ldap-аутентификация
# Install the LDAP authentication client packages and nscd (the name-service
# cache daemon). nscd caches passwd/group lookups, so a change made in the
# directory may reach this client only after the cache entry expires.
sudo apt-get install ldap-auth-client nscd
# Apply the "lac_ldap" profile to the NSS configuration (-t selects the
# configuration type, -p the profile).
# NOTE(review): the join script further down rewrites /etc/nsswitch.conf
# wholesale, so whatever this profile changed in that file is replaced.
sudo auth-client-config -t nss -p lac_ldap
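Для ввода компьютера в домен выполните от имени root следующий скрипт (три параметра: адрес LDAP-сервера, пароль proxyuser и имя пользователя для проверки):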
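#!/bin/bash
#
# Joins this machine to the LDAP domain: installs libnss-ldap, rewrites
# /etc/ldap.conf and /etc/nsswitch.conf, and enables pam_mkhomedir.
#
# Usage: <script> ldap-server-address proxyuser-password username-for-check
#   Pass "-" as proxyuser-password to be prompted for it; that keeps the
#   secret out of the process list and the shell history.
#
# Must be run as root: it installs a package and writes under /etc.
# Exit status: 0 when the check user resolves, 2 on a usage error,
# otherwise the status of the step that failed.

set -euo pipefail

readonly MKHOMEDIR_LINE='session required pam_mkhomedir.so skel=/etc/skel/'
readonly RULE='--------------------------------------------------------------------------'

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the usage text to stderr and exit non-zero, so that a caller can tell
# a usage error from a successful run.
usage() {
  cat >&2 <<EOF
$RULE
 Sorry. Three parameters required. Try run as:

   $0 ldap-server-address proxyuser-password username-for-check

 Example:

   $0 192.168.1.1 qwerty pupkin

 Use - as proxyuser-password to be prompted for it.
$RULE
EOF
  exit 2
}

# All three parameters are required. Testing only $1 would let a partial call
# write an empty bindpw into /etc/ldap.conf.
[[ $# -ge 3 && -n $1 && -n $2 && -n $3 ]] || usage

readonly ldap_server=$1
bindpw=$2
readonly check_user=$3

(( EUID == 0 )) || die "This script must be run as root."

if [[ $bindpw == - ]]; then
  IFS= read -rs -p 'proxyuser password: ' bindpw || die "No password given."
  printf '\n' >&2
fi

# Both values are pasted verbatim into /etc/ldap.conf, where whitespace in the
# address or a line break in the password would add or alter directives.
[[ $ldap_server != *[[:space:]]* ]] || die "Invalid ldap-server-address."
[[ -n $bindpw && $bindpw != *$'\n'* && $bindpw != *$'\r'* ]] \
  || die "Invalid proxyuser-password."

apt-get install libnss-ldap -y

# Keep the first backup: a second run must not overwrite the pristine copy
# with a file this script generated. -p keeps the original mode and owner.
for conf in /etc/ldap.conf /etc/nsswitch.conf; do
  if [[ -e $conf && ! -e $conf.backup ]]; then
    cp -p -- "$conf" "$conf.backup"
  fi
done

# NOTE(review): /etc/ldap.conf normally has to stay readable for every process
# that does NSS lookups, so bindpw is visible to local users; proxyuser should
# be a read-only account with no other rights in the directory.
# NOTE(review): ldap:// on port 389 sends the bind password and user passwords
# unencrypted. If the server offers TLS, add "ssl start_tls" and
# "tls_checkpeer yes" with a tls_cacertfile; not enabled here because this
# script cannot know whether the server supports it.
# NOTE(review): confirm "pam_password md5" is what the directory expects; if
# it supports the password-modify extended operation, "pam_password exop"
# leaves the hashing to the server.
# The nss_initgroups_ignoreusers list is written once; the duplicated
# "avahi,avahi-nss_initgroups_ignoreusers" fragment was a paste error that
# corrupted the list of local accounts.
cat > /etc/ldap.conf <<EOF
base ou=Services,dc=calculate
binddn cn=proxyuser,dc=calculate
bindpw ${bindpw}
port 389
ldap_version 3
bind_policy soft
nss_base_passwd ou=Users,ou=Unix,ou=Services,dc=calculate?one?shadowFlag=1
nss_base_shadow ou=Users,ou=Unix,ou=Services,dc=calculate?one?shadowFlag=1
nss_base_group ou=Groups,ou=Unix,ou=Services,dc=calculate?one
pam_password md5
uri ldap://${ldap_server}
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,nslcd,nx,openldap,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,usr1cv8,uucp,whoopsie,www-data
EOF

# Only "database: source ..." entries belong in nsswitch.conf. The PAM
# "session ..." lines are not valid in this file and are left out; the
# pam_mkhomedir line is added to /etc/pam.d/common-session below.
cat > /etc/nsswitch.conf <<'EOF'
passwd: files ldap
shadow: files ldap
group: files ldap

hosts: files dns
networks: files dns

services: files ldap
protocols: files ldap
rpc: db files
ethers: db files
netmasks: files

netgroup: nis
bootparams: files

automount: files ldap
aliases: files
EOF

# Append the mkhomedir line only once, so re-running the script does not stack
# duplicate PAM entries.
if ! grep -qxF -- "$MKHOMEDIR_LINE" /etc/pam.d/common-session; then
  printf '%s\n' "$MKHOMEDIR_LINE" >> /etc/pam.d/common-session
fi

echo "Check the LDAP-user $check_user:"
rv=0
id -- "$check_user" || rv=$?
echo "----------------------------"
exit "$rv"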
pam-mount
# Install pam_mount and the CIFS utilities used for the fstype="cifs" volumes
# configured below.
sudo apt-get install libpam-mount cifs-utils
# Show the pam_mount configuration; the contents used on this page follow.
cat /etc/security/pam_mount.conf.xml
<!-- pam_mount: mounts each user's CIFS shares from "cdshost" at login. -->
<pam_mount>
  <!-- Create a missing mountpoint at login and remove it again afterwards. -->
  <mkmountpoint enable="1" remove="true" />

  <!--
    user="*" applies the volume to every account that logs in through PAM.
    NOTE(review): that presumably includes local (non-LDAP) accounts; consider
    limiting the volumes with a uid range or a group attribute.
    nodev and nosuid keep device nodes and set-uid bits on the share from
    being honoured on this client.
  -->
  <volume
    user="*"
    fstype="cifs"
    server="cdshost"
    path="%(USER)/Документы"
    mountpoint="/home/%(USER)/Документы"
    options="file_mode=0700,dir_mode=0700,nodev,nosuid,iocharset=utf8"
  />

  <!-- The user's remote desktop folder, mounted over the local ~/Desktop. -->
  <volume
    user="*"
    fstype="cifs"
    server="cdshost"
    path="%(USER)/Рабочий стол"
    mountpoint="/home/%(USER)/Desktop"
    options="file_mode=0700,dir_mode=0700,nodev,nosuid,iocharset=utf8"
  />
</pam_mount>