Ldap-аутентификация и pam-mount в Ubuntu 13.10


Ldap-аутентификация

# Install the LDAP authentication client packages and nscd, the name-service cache daemon.
sudo apt-get install ldap-auth-client nscd
# Apply the lac_ldap profile; -t nss limits the change to the NSS configuration.
sudo auth-client-config -t nss -p lac_ldap

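Для ввода компьютера в домен выполните от имени root приведённый ниже скрипт (пароль proxyuser передаётся аргументом командной строки и записывается в /etc/ldap.conf открытым текстом):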

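#!/bin/bash
#
# Joins this host to the LDAP domain: installs libnss-ldap, rewrites
# /etc/ldap.conf and /etc/nsswitch.conf, enables pam_mkhomedir for sessions
# and finally resolves a test user through NSS.
#
# Usage: $0 ldap-server-address proxyuser-password username-for-check
#
# Security notes for whoever deploys this:
#   * The proxyuser password ends up in plaintext in /etc/ldap.conf (bindpw),
#     and it is also visible in the process list and shell history because it
#     is passed as an argument. Bind with a read-only, least-privilege account.
#   * NOTE(review): /etc/ldap.conf keeps whatever mode it already has. Tightening
#     it is only safe if every lookup goes through nscd - verify before changing.
#   * "uri ldap://..." is cleartext LDAP: the bind password and all lookups cross
#     the network unencrypted. If the server offers TLS, prefer ldaps:// or
#     "ssl start_tls" together with tls_cacertfile / tls_checkpeer yes.
#   * "pam_password md5" hashes new passwords client-side with MD5.
#     NOTE(review): "exop" lets the server choose the hash - confirm server support.

set -u

# Print the usage banner on stderr and exit with a non-zero status.
usage() {
  {
    echo "--------------------------------------------------------------------------"
    echo " Sorry. Three parameters required. Try run as:"
    echo ""
    echo " $0 ldap-server-address proxyuser-password username-for-check "
    echo ""
    echo " Example:"
    echo ""
    echo " $0 192.168.1.1 qwerty pupkin "
    echo "--------------------------------------------------------------------------"
  } >&2
  exit 2
}

# Print an error on stderr and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Copy $1 to $1.backup unless a backup already exists, so that a second run
# does not replace the pristine copy with an already-modified file.
backup_once() {
  local src=$1
  local dst="${src}.backup"
  [[ -e "$src" ]] || return 0
  [[ -e "$dst" ]] && return 0
  cp -p -- "$src" "$dst"
}

# All three parameters are needed: an empty bindpw or uri yields a broken config.
[[ $# -ge 3 && -n "${1:-}" && -n "${2:-}" && -n "${3:-}" ]] || usage

ldap_server=$1
bind_password=$2
check_user=$3

# Both values are written verbatim into /etc/ldap.conf; whitespace or control
# characters in them would let one argument inject extra configuration lines.
[[ "$ldap_server" == *[[:space:][:cntrl:]]* ]] \
  && die "ldap-server-address must not contain whitespace or control characters"
[[ "$bind_password" == *$'\n'* || "$bind_password" == *$'\r'* ]] \
  && die "proxyuser-password must not contain line breaks"

# Everything below writes under /etc and installs packages.
[[ "$EUID" -eq 0 ]] || die "this script must be run as root"

apt-get install libnss-ldap -y || die "apt-get install libnss-ldap failed"

backup_once /etc/ldap.conf || die "cannot back up /etc/ldap.conf"
backup_once /etc/nsswitch.conf || die "cannot back up /etc/nsswitch.conf"

# nss_initgroups_ignoreusers: the original line had the keyword pasted into the
# middle of the user list; it is restored here to a single well-formed entry.
cat > /etc/ldap.conf <<EOF || die "cannot write /etc/ldap.conf"
base ou=Services,dc=calculate
binddn cn=proxyuser,dc=calculate
bindpw ${bind_password}
port 389
ldap_version 3
bind_policy soft
nss_base_passwd ou=Users,ou=Unix,ou=Services,dc=calculate?one?shadowFlag=1
nss_base_shadow ou=Users,ou=Unix,ou=Services,dc=calculate?one?shadowFlag=1
nss_base_group ou=Groups,ou=Unix,ou=Services,dc=calculate?one
pam_password md5
uri ldap://${ldap_server}
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,nslcd,nx,openldap,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,usr1cv8,uucp,whoopsie,www-data
EOF

# The PAM "session ..." lines the original also wrote here are not nsswitch.conf
# syntax (database: sources); the pam_mkhomedir rule belongs in the PAM stack
# and is added to /etc/pam.d/common-session below.
cat > /etc/nsswitch.conf <<'EOF' || die "cannot write /etc/nsswitch.conf"
passwd: files ldap
shadow: files ldap
group: files ldap

hosts:       files dns
networks:    files dns

services:    files ldap
protocols:   files ldap
rpc:         db files
ethers:      db files
netmasks:    files

netgroup: nis
bootparams:  files

automount:   files ldap
aliases:     files
EOF

# Append the mkhomedir rule only once so that re-running the script does not
# pile up duplicate session entries. grep's stderr is silenced on purpose: a
# missing file simply means the line still has to be written.
mkhomedir_rule='session required pam_mkhomedir.so skel=/etc/skel/'
if ! grep -qxF -- "$mkhomedir_rule" /etc/pam.d/common-session 2>/dev/null; then
  printf '%s\n' "$mkhomedir_rule" >> /etc/pam.d/common-session \
    || die "cannot update /etc/pam.d/common-session"
fi

echo "Check the LDAP-user ${check_user}:"
id -- "$check_user"
echo "----------------------------"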

pam-mount

Ранее для монтирования использовался инструмент smbmount. Теперь вместо него используется cifs!


# Install pam_mount and the CIFS mount helpers.
sudo apt-get install libpam-mount cifs-utils
# Display the pam_mount configuration; the contents follow.
cat /etc/security/pam_mount.conf.xml
<pam_mount>
<!-- Create a missing mount point at login and remove it again after logout. -->
<mkmountpoint enable="1" remove="true" />
<!-- Per-user CIFS volumes from server "cdshost". user="*" matches every login,
     so accounts without a share on cdshost are matched as well.
     nodev and nosuid keep device nodes and setuid bits on the share from being honoured;
     file_mode/dir_mode=0700 limit the mounted files and directories to their owner.
     NOTE(review): no sec= or vers= option is set, so the authentication mechanism and
     SMB dialect are whatever the installed cifs client defaults to; confirm against policy. -->
<volume user="*" fstype="cifs" server="cdshost" path="%(USER)/Документы" mountpoint="/home/%(USER)/Документы" options="file_mode=0700,dir_mode=0700,nodev,nosuid,iocharset=utf8" />
<volume user="*" fstype="cifs" server="cdshost" path="%(USER)/Рабочий стол" mountpoint="/home/%(USER)/Desktop" options="file_mode=0700,dir_mode=0700,nodev,nosuid,iocharset=utf8" />
</pam_mount>