Ldap-аутентификация и pam-mount в Ubuntu 13.10
Ldap-аутентификация
sudo apt-get install ldap-auth-client nscd
sudo auth-client-config -t nss -p lac_ldap
Для ввода компьютера в домен выполнить данный скрипт:
#!/bin/bash if test -z "$1" then clear echo "--------------------------------------------------------------------------" echo " Sorry. Three parameters required. Try run as:" echo "" echo " $0 ldap-server-address proxyuser-password username-for-check " echo "" echo " Example:" echo "" echo " $0 192.168.1.1 qwerty pupkin " echo "--------------------------------------------------------------------------" exit 0 fi apt-get install libnss-ldap -y cp /etc/ldap.conf /etc/ldap.conf.backup cp /etc/nsswitch.conf /etc/nsswitch.conf.backup echo " base ou=Services,dc=calculate binddn cn=proxyuser,dc=calculate bindpw $2 port 389 ldap_version 3 bind_policy soft nss_base_passwd ou=Users,ou=Unix,ou=Services,dc=calculate?one?shadowFlag=1 nss_base_shadow ou=Users,ou=Unix,ou=Services,dc=calculate?one?shadowFlag=1 nss_base_group ou=Groups,ou=Unix,ou=Services,dc=calculate?one pam_password md5 uri ldap://$1 nss_initgroups_ignoreusers avahi,avahi-nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,nslcd,nx,openldap,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,usr1cv8,uucp,whoopsie,www-data " > /etc/ldap.conf echo " passwd: files ldap shadow: files ldap group: files ldap hosts: files dns networks: files dns services: files ldap protocols: files ldap rpc: db files ethers: db files netmasks: files netgroup: nis bootparams: files automount: files ldap aliases: files session required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ session optional pam_ldap.so " > /etc/nsswitch.conf echo "session required pam_mkhomedir.so skel=/etc/skel/" >> /etc/pam.d/common-session echo "Check the LDAP-user $3:" id $3 echo "----------------------------"
pam-mount
Ранее для монтирования использовался инструмент smbmount. Теперь вместо него используется cifs!
sudo apt-get install libpam-mount cifs-utils
cat /etc/security/pam_mount.conf.xml
<pam_mount> <mkmountpoint enable="1" remove="true" /> <volume user="*" fstype="cifs" server="cdshost" path="%(USER)/Документы" mountpoint="/home/%(USER)/Документы" options="file_mode=0700,dir_mode=0700,nodev,nosuid,iocharset=utf8" /> <volume user="*" fstype="cifs" server="cdshost" path="%(USER)/Рабочий стол" mountpoint="/home/%(USER)/Desktop" options="file_mode=0700,dir_mode=0700,nodev,nosuid,iocharset=utf8" /> </pam_mount>