Samba e OpenLDAP: creare un controller di dominio con Debian Etch: differenze tra le versioni

Samba e OpenLDAP: creare un controller di dominio con Debian Etch (visualizza wikitesto)

Versione delle 21:26, 11 gen 2009

3 154 byte aggiunti , 11 gen 2009

→‎Unire un server Samba al dominio

Ferdybassi

Burocrati, Amministratori

4 069

contributi

@@ Riga 1 131: / Riga 1 131: @@
 # The ldap-admin account. The appropriate password is in /etc/libnss-ldap.secret. Keep the permissions right.
 rootbinddn cn=admin,dc=dominio,dc=local
+</pre>
+L'installazione del pacchetto libpam-ldap viene eseguita allo stesso modo di quella precedente:
+<pre>
+# apt-get install libpam-ldap
+# dpkg-reconfigure libpam-ldap
+</pre>
+rispondendo in questo modo alle domande poste dall'installer:
+* Server LDAP: 127.0.0.1
+* Distinguished name (DN): dc=dominio,dc=local
+* LDAP version: 3
+* Make local root Database admin: sí
+* Si richiede utente per database LDAP: no
+* LDAP account for root cn=admin,dc=dominio,dc=local
+* LDAP root password: password
+* Local crypt to use when changing passwords: md5
+Ora è necessario andare a modificare i quattro files che gestiscono la configurazione di pam per LDAP in modo che il loro contenuto sia:<br/><br/>
+'''/etc/pam.d/common-account'''<br/>
+<pre>
+#
+#/etc/pam.d/common-account - authorization settings common to all services
+##
+This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system. The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+#account required pam_unix.so
+account sufficient pam_ldap.so
+account required pam_unix.so try_first_pass
+</pre>
+<br/>
+'''/etc/pam.d/common-auth'''<br/>
+<pre>
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
+# traditional Unix authentication mechanisms.
+#
+#auth required pam_unix.so nullok_secure
+auth sufficient pam_ldap.so
+auth required pam_unix.so nullok_secure use_first_pass
+</pre>
+<br/>
+'''/etc/pam.d/common-password'''<br/>
+<pre>
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+#This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+#used to change user passwords. The default is pam_unix
+# The "nullok" option allows users to change an empty password, else
+# empty passwords are treated as locked accounts.
+#
+# (Add `md5' after the module name to enable MD5 passwords)
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs. Also the "min" and "max" options enforce the length of the
+# new password.
+#password required pam_unix.so nullok obscure min=4 max=8 md5
+# Alternate strength checking for password. Note that this
+# requires the libpam-cracklib package to be installed.
+# You will need to comment out the password line above and
+# uncomment the next two in order to use this.
+# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
+#
+# password required pam_cracklib.so retry=3 minlen=6 difok=3
+# password required pam_unix.so use_authtok nullok md5
+password sufficient pam_ldap.so
+password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
+</pre>
+<br/>
+'''/etc/pam.d/common-session'''<br/>
+<pre>
+session    sufficient      pam_ldap.so
+session    required        pam_unix.so
 </pre>
 Ora facciamo ripartire i demoni: