admin:services:nss
Differences
Below are the differences between two revisions of the page.
admin:nss [2013/07/25 12:26] – Installation section created bertrand.bonnefoy-claudet | admin:services:nss [2020/03/17 01:15] – toadjaune | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
[[: | [[: | ||
- | [[http:// | + | [[http:// |
===== Installation ===== | ===== Installation ===== | ||
- | | + | |
- | Lors de la configuration, il faut spécifier | + | Lors de l' |
- | Il faut préciser les paramètres de recherche dans ''/ | + | * les serveurs LDAP à utiliser : < |
+ | * les services à fournir via cette source : '' | ||
+ | |||
+ | Il faut préciser les paramètres de recherche dans ''/ | ||
+ | |||
+ | Le fichier de conf résultant devrait être le suivant : | ||
+ | |||
+ | <file conf / | ||
+ | # / | ||
+ | # nslcd configuration file. See nslcd.conf(5) | ||
+ | # for details. | ||
+ | |||
+ | # The user and group nslcd should run as. | ||
+ | uid nslcd | ||
+ | gid nslcd | ||
+ | |||
+ | # The location at which the LDAP server(s) should be reachable. | ||
+ | uri ldaps:// | ||
+ | uri ldaps:// | ||
+ | |||
+ | # The search base that will be used for all queries. | ||
+ | base dc=federez, | ||
+ | |||
+ | base passwd cn=Utilisateurs, | ||
+ | base shadow cn=Utilisateurs, | ||
+ | base group ou=posix, | ||
+ | |||
+ | # The LDAP protocol version to use. | ||
+ | ldap_version 3 | ||
+ | |||
+ | # The DN to bind with for normal lookups. | ||
+ | binddn cn=nssauth, | ||
+ | bindpw ********TOP-SECRET-PASSWORD-THAT-MUST-BE-CHANGED-FOR-A-VALID-ONE******** | ||
+ | |||
+ | # SSL options | ||
+ | # The LDAP server uses a Let's Encrypt certificate | ||
+ | ssl on | ||
+ | tls_cacertfile / | ||
+ | tls_reqcert demand | ||
+ | |||
+ | # The search scope. | ||
+ | #scope sub | ||
+ | |||
+ | </ | ||
+ | |||
+ | Redémarrer le service : | ||
service nslcd restart | service nslcd restart | ||
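Review bot: the added nslcd configuration block puts `bindpw` in clear text in the file, but nothing around the block says how that file must be protected. Add a sentence after the block stating that the file has to be readable only by root and the `nslcd` group (the block already sets `gid nslcd`), and that the placeholder is replaced on the host only, never pasted back into the wiki. The switch to `uri ldaps://` with `ssl on` and `tls_reqcert demand` is fine as written; a short remark that `getent passwd` should be run after `service nslcd restart` to confirm the TLS bind works would make the step verifiable.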
Ligne 20: | Ligne 65: | ||
getent passwd | getent passwd | ||
+ | | ||
+ | ===== sudo ===== | ||
+ | |||
+ | Pour que sudo continue à marcher avec l' | ||
+ | |||
+ | sudoers: | ||
+ | | ||
+ | À FedeRez, on utilise le groupe '' | ||
+ | |||
+ | %sudoldap ALL=(ALL: | ||
+ | | ||
+ | |||
+ | ==== SSH ==== | ||
+ | |||
+ | A la fin de ''/ | ||
+ | |||
+ | AllowGroups root ssh federezadmin | ||
+ | |||
+ | Redémarrer le serveur ssh : | ||
+ | |||
+ | systemctl restart ssh.service | ||
+ | |||
+ | ===== PAM ===== | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | |||
+ | ==== Home directories ==== | ||
+ | |||
+ | Ajouter la ligne suivante à la fin de ''/ | ||
+ | |||
+ | session required pam_mkhomedir.so skel=/ | ||
| | ||
===== Liens ===== | ===== Liens ===== | ||
- | * Wiki Debian : http:// | + | * Wiki Debian : http:// |
===== Configuration ===== | ===== Configuration ===== | ||
- | <file conf /etc/nsswich.conf> | + | <file conf /etc/nsswitch.conf> |
passwd: | passwd: | ||
group: | group: | ||
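Review bot: in the new SSH section, `AllowGroups root ssh federezadmin` is followed directly by `systemctl restart ssh.service` with no validation step, so a typo in the group list, or a group that does not resolve at that moment, refuses every account outside the remaining groups. Suggest adding `sshd -t` before the restart and a reminder to keep the current session open until a fresh login has been tested. The same caution applies to the `%sudoldap` rule in the sudo section: say that it should be edited with `visudo` so a syntax error cannot break sudo.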
Ligne 44: | Ligne 121: | ||
sudoers: | sudoers: | ||
- | |||
</ | </ | ||
- | <file conf / | ||
- | # / | ||
- | # nslcd configuration file. See nslcd.conf(5) | ||
- | # for details. | ||
- | # The user and group nslcd should run as. | ||
- | uid nslcd | ||
- | gid nslcd | ||
- | |||
- | # The location at which the LDAP server(s) should be reachable. | ||
- | uri ldap:// | ||
- | uri ldap:// | ||
- | |||
- | # The search base that will be used for all queries. | ||
- | base dc=federez, | ||
- | |||
- | base passwd ou=users, | ||
- | base shadow ou=users, | ||
- | base group ou=posix, | ||
- | |||
- | # The LDAP protocol version to use. | ||
- | ldap_version 3 | ||
- | |||
- | # The DN to bind with for normal lookups. | ||
- | binddn cn=nssauth, | ||
- | bindpw secret | ||
- | |||
- | # The DN used for password modifications by root. | ||
- | rootpwmoddn cn=nssroot, | ||
- | rootpwmodpw secret | ||
- | |||
- | # SSL options | ||
- | ssl start_tls | ||
- | tls_cacertfile / | ||
- | tls_reqcert demand | ||
- | |||
- | # The search scope. | ||
- | #scope sub | ||
- | |||
- | # FedeRez-specific mapping and filters | ||
- | filter passwd (objectClass=netFederezUser) | ||
- | map passwd uid netFederezUID | ||
- | filter shadow (objectClass=netFederezUser) | ||
- | map shadow uid netFederezUID | ||
- | filter group (objectClass=posixGroup) | ||
- | </ |
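Review bot: the removed block drops the FedeRez-specific `filter passwd`/`map passwd` and `filter shadow`/`map shadow` lines as well as `rootpwmoddn`/`rootpwmodpw`, and neither the new text nor the revision summary explains why. Readers who still run the old configuration cannot tell whether the directory now exposes standard attributes under the new `cn=Utilisateurs` base or whether the mappings were lost by accident. Add one line saying that the custom `netFederezUser`/`netFederezUID` mapping is no longer needed and how root password changes are handled now that the `rootpwmoddn` bind is gone.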
admin/services/nss.txt · Last modified: 2020/04/26 13:23 by klafyvel