Openldap posix accounts: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) (→sudo) |
||
Zeile 48: | Zeile 48: | ||
passwd: password updated successfully | passwd: password updated successfully | ||
− | =sudo= | + | =sudo opurtunity 1= |
*/etc/pam.d/common-auth | */etc/pam.d/common-auth | ||
#First entry should be | #First entry should be | ||
Zeile 55: | Zeile 55: | ||
*/etc/security/group.conf | */etc/security/group.conf | ||
*;*;*;Al0000-2400;audio,cdrom,dialout,floppy,sudo,adm,video | *;*;*;Al0000-2400;audio,cdrom,dialout,floppy,sudo,adm,video | ||
+ | =sudo opurtunity 2= | ||
+ | *visudo | ||
+ | %it ALL=(ALL:ALL) ALL |
Version vom 18. Januar 2018, 09:44 Uhr
nsswitch anbinden
apt-get install libnss-ldap
Wir benutzen nur eine Konfigurationdatei
ln -sf /etc/ldap/ldap.conf /etc/ldap.conf
ergänzen /etc/nsswitch.conf
passwd: compat ldap group: compat ldap
nsswitch tests
passwd test
getent passwd | grep 3001 leroy:x:2001:3001:leroy:/home/leroy:/bin/bash
group test
getent group | grep 3001 it:*:3001:
id test
id leroy uid=2001(leroy) gid=3001(it) Gruppen=3001(it)
ldap pam install
apt-get install libpam-ldap
Anpassen der Pam
Die Authentifizierung(installation nimmt einstellung schon vor)
gawron:/etc/pam.d# cat common-auth auth sufficient pam_ldap.so auth required pam_unix.so nullok_secure use_first_pass
Das Accounting(installation nimmt einstellung schon vor)
gawron:/etc/pam.d# cat common-account account sufficient pam_ldap.so account required pam_unix.so
Passwort änderungen
gawron:/etc/pam.d# cat common-password password sufficient pam_ldap.so password sufficient pam_unix.so password required pam_deny.so
Die Session
gawron:/etc/pam.d# cat common-session session required pam_mkhomedir.so skel=/etc/skel umask=0022 session required pam_unix.so
Passwort für den User setzen
gawron:/etc/pam.d# passwd leroy New password: Re-enter new password: LDAP password information changed for leroy passwd: password updated successfully
sudo opurtunity 1
- /etc/pam.d/common-auth
#First entry should be auth required pam_group.so use_first_pass
- /etc/security/group.conf
*;*;*;Al0000-2400;audio,cdrom,dialout,floppy,sudo,adm,video
sudo opurtunity 2
- visudo
%it ALL=(ALL:ALL) ALL