Saturday, 24 April 2010

HOWTO: LDAP Client on 10.04 Lucid Lynx

This is essentially the same as my previous Hardy Heron LDAP howto but with some steps removed. Rather than edit the old article I thought I'd just reproduce it with the appropriate parts omitted. This howto is also relevant to Jaunty and Karmic. The LDAP Server howto can be found here.

PLATFORMS TESTED: Ubuntu 10.04 LTS (Lucid), Ubuntu 11.04 (Natty)

PREREQUISITES:
* A vanilla Ubuntu 10.04 (or later) desktop or server install.
* You have shared your user home directories from an NFS server
* You have successfully installed a working LDAP server

Network overview;
* domain name: tuxnetworks.com
* Servername/IP: ldap.tuxnetworks.com 10.1.1.5
* The user "brettg" is a valid LDAP user on your server.

We are going to set up a Lucid client connected to an LDAP server. We should already have our home directories mounted via NFS.

~$ sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils

You will again be asked a bunch of questions;

LDAP server Uniform Resource Identifier: ldap://ldap.tuxnetworks.com
Distinguished name of the search base: dc=tuxnetworks,dc=com
LDAP version to use: 3
Make local root Database admin: Yes
Does the LDAP database require login? No
LDAP account for root: cn=admin,dc=tuxnetworks,dc=com
LDAP root password: (The server LDAP root password)

The root password you give here is written to /etc/ldap.secret, which must stay readable by root only (mode 0600). It lets root on this client bind to the directory as cn=admin, so anyone who gets root on the client gets admin on your LDAP server; only hand it out to machines you trust as much as the server itself.


Now we need to edit the following files;

~$ sudo vi /etc/ldap.conf

and edit these lines to look like this;

bind_policy soft

pam_password crypt

"bind_policy soft" makes the client give up straight away when the LDAP server cannot be reached instead of retrying forever (the default, "hard"), so the machine still boots and local accounts still work while the server is down. "pam_password crypt" makes pam_ldap hash a new password with crypt on the client when a user runs passwd, so the userPassword attribute never holds a cleartext value.


Find the line that begins with uri ldapi:// . . .

Comment the line out and replace it with a line like so;

uri ldap://ldap.tuxnetworks.com/

Note that plain ldap:// is unencrypted: every PAM login sends the user's password to the server in the clear, and every NSS lookup is visible on the wire. That is acceptable on an isolated home LAN like the one in this howto, but anywhere else use ldaps:// or add "ssl start_tls" to /etc/ldap.conf (with the server set up for TLS, which is outside the scope of this article).

Edit this file;

~$ sudo vi /etc/ldap/ldap.conf

Edit it to look like this;
BASE    dc=tuxnetworks,dc=com
URI ldap://ldap.tuxnetworks.com

SIZELIMIT 0
TIMELIMIT 0
DEREF never

Edit nsswitch.conf

~$ sudo vi /etc/nsswitch.conf

Enter the following lines;

passwd: files ldap
group: files ldap
shadow: files ldap

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

Now update nss to use ldap.

~$ sudo nss_updatedb ldap
passwd... done.
group... done.


Note:
If you get an error . . .
Failed to enumerate nameservice: No such file or directory

. . . then check that your uri line in /etc/ldap.conf is correct and the address is pingable.


You should now be able to check the server with;

~$ ldapsearch -x

That command should output a tonne of stuff from the server LDAP directory (it uses the BASE and URI from /etc/ldap/ldap.conf with an anonymous bind). Then check that NSS itself resolves the LDAP accounts through the nsswitch settings above;

~$ getent passwd brettg

This should print a passwd-style line for brettg even though he is not in the local /etc/passwd.

You should now be able to log in to the client via ssh using the user "brettg"'s credentials;
brettg@jupiter:~$ ssh brettg@galileo
Welcome to Ubuntu 11.04 (GNU/Linux 2.6.38-8-generic x86_64)

* Documentation: https://help.ubuntu.com/

Last login: Fri Jun 24 14:13:05 2011 from 10.1.1.80
brettg@galileo:~$


Take a look at your passwd file to make double sure you are not logging in using local auth;

~$ grep brettg /etc/passwd

If that returns a line then you are probably logged in using a local user: nsswitch consults files before ldap, so a local account with the same name always wins. Remove the local account (for example with sudo deluser brettg, which also cleans up /etc/shadow and /etc/group but leaves the home directory alone) and try again.
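Here is the whole client-side procedure above as a script, added here as an example and not part of the original howto. It assumes, as the article does, that apt-get has already installed the packages and answered the debconf questions; ROOT is the filesystem to edit ("/" on the real client, or a scratch directory for a dry run), and stat(1) is the GNU one shipped with Ubuntu. The function names, the LDAP_CLIENT_APPLY switch and the check functions are mine.

```shell
#!/bin/sh
# Added example (not part of the original howto): the client-side file edits from
# this article as a repeatable script with a check step. Assumptions of mine, not
# the article's: the packages are already installed and the debconf questions
# answered; ROOT is the filesystem to edit ("/" on the real client, or a scratch
# directory for a dry run); GNU coreutils for stat(1), as on Ubuntu.

LDAP_SERVER="${LDAP_SERVER:-ldap.tuxnetworks.com}"
LDAP_BASE="${LDAP_BASE:-dc=tuxnetworks,dc=com}"

# set_kv FILE KEY VALUE: comment out every active "KEY ..." line (so the original
# stays visible, as the article does with uri ldapi:///) and append "KEY VALUE".
# The file is rewritten with the default umask mode, fine for these world-readable configs.
set_kv() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || : >"$file"
    sed "s|^\($key[[:space:]].*\)$|#\1|" "$file" >"$file.tmp" && mv "$file.tmp" "$file"
    printf '%s %s\n' "$key" "$value" >>"$file"
}

# configure_ldap_client ROOT: apply the edits to /etc/ldap.conf, /etc/ldap/ldap.conf
# and /etc/nsswitch.conf under ROOT.
configure_ldap_client() {
    r=${1:-/}
    mkdir -p "$r/etc/ldap"
    # /etc/ldap.conf is read by libnss-ldap and libpam-ldap
    set_kv "$r/etc/ldap.conf" uri "ldap://$LDAP_SERVER/"
    set_kv "$r/etc/ldap.conf" bind_policy soft     # fail fast if the server is down
    set_kv "$r/etc/ldap.conf" pam_password crypt   # hash locally on password change
    # /etc/ldap/ldap.conf is read by ldap-utils (ldapsearch and friends)
    set_kv "$r/etc/ldap/ldap.conf" BASE "$LDAP_BASE"
    set_kv "$r/etc/ldap/ldap.conf" URI "ldap://$LDAP_SERVER"
    # nsswitch: local files first, then LDAP, for the three account databases
    for db in passwd group shadow; do
        set_kv "$r/etc/nsswitch.conf" "$db:" "files ldap"
    done
}

# check_ldap_client ROOT: return 0 only if every edit is present and there is
# exactly one active uri line (the ldapi:/// one must be commented out).
check_ldap_client() {
    r=${1:-/}
    grep -q "^uri ldap://$LDAP_SERVER/" "$r/etc/ldap.conf" &&
    [ "$(grep -c '^uri ' "$r/etc/ldap.conf")" = 1 ] &&
    grep -q '^bind_policy soft' "$r/etc/ldap.conf" &&
    grep -q '^pam_password crypt' "$r/etc/ldap.conf" &&
    grep -q "^BASE $LDAP_BASE" "$r/etc/ldap/ldap.conf" &&
    grep -q "^URI ldap://$LDAP_SERVER" "$r/etc/ldap/ldap.conf" &&
    grep -q '^passwd: files ldap' "$r/etc/nsswitch.conf" &&
    grep -q '^group: files ldap' "$r/etc/nsswitch.conf" &&
    grep -q '^shadow: files ldap' "$r/etc/nsswitch.conf"
}

# check_ldap_secret ROOT: /etc/ldap.secret holds the rootbinddn password written by
# the "Make local root Database admin" answer; it must be readable by root only.
check_ldap_secret() {
    f=${1:-/}/etc/ldap.secret
    [ ! -e "$f" ] || [ "$(stat -c %a "$f")" = 600 ]
}

# user_source USER [PASSWD_FILE]: "local" if the account exists in the local passwd
# file (it wins over LDAP because of "files ldap"), "ldap" if only NSS knows it,
# "none" otherwise. This is the article's grep check made explicit.
user_source() {
    u=$1; pw=${2:-/etc/passwd}
    if grep -q "^$u:" "$pw"; then
        echo local
    elif getent passwd "$u" >/dev/null 2>&1; then
        echo ldap
    else
        echo none
    fi
}

# Only touch the real system when asked: LDAP_CLIENT_APPLY=1 sudo sh ldap-client.sh
if [ "${LDAP_CLIENT_APPLY:-0}" = 1 ]; then
    configure_ldap_client "${ROOT:-/}"
    check_ldap_client "${ROOT:-/}" && check_ldap_secret "${ROOT:-/}" && echo "client configured"
fi
```

Run it once with ROOT pointing at a scratch copy of /etc to see the diff it produces before letting it loose on /; after the real run, user_source brettg should print "ldap", and if it prints "local" the grep check above has caught a stale local account.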

For Gnome Desktop users.

To give LDAP users the local device groups they need at login, create a new file called group.conf and place the following line in it;

~$ sudo vi /etc/security/group.conf

gdm;*;*;Al0000-2400;floppy,audio,cdrom,video,plugdev,scanner

(The fields are service;tty;users;times;groups. "Al0000-2400" means every day, all day.)

We also need to tell pam to use the group.conf settings;

~$ sudo vi /etc/pam.d/gdm

Add this line near the top, with the other auth lines;

auth optional pam_group.so

Be aware that pam_group is a convenience, not an access control: it hands those supplementary groups to every user the rule matches, here anyone logging in through gdm, so list only groups you are happy for any user of the machine to have.

Reboot your PC and you should be able to login to gnome using ldap!

Wednesday, 21 April 2010

Network monitoring with ntop

Install ntop
sudo apt-get install ntop

Create the directories that for some reason are not created by the installer
sudo mkdir /var/lib/ntop/rrd
sudo mkdir /var/lib/ntop/rrd/graphics
sudo mkdir /var/lib/ntop/rrd/flows
sudo mkdir /var/lib/ntop/rrd/interfaces
sudo mkdir /var/lib/ntop/rrd/interfaces/eth0
sudo mkdir /var/lib/ntop/rrd/interfaces/ppp0
sudo chmod -R 775 /var/lib/ntop

When ntop is started by the init script it drops privileges to the user named on the USER line of /var/lib/ntop/init.cfg (ntop by default), so it is that user rather than root that needs write access here. Giving that user ownership is tighter than a group-writable tree;
sudo chown -R ntop:ntop /var/lib/ntop

Start ntop on selected interface ppp0 (you will be asked to create an admin password, don't forget it!)
sudo ntop -i ppp0

browse to the ntop web interface at
http://router.example.com:3000

The web interface is plain HTTP and shows every host and flow ntop has seen, so do not leave port 3000 reachable from the ppp0 side of the router: firewall it to the LAN, or bind it to localhost with -w 127.0.0.1:3000 and reach it over an ssh tunnel.

To manually start as a daemon, use
sudo ntop -i ppp0 --daemon

You can use the usual init scripts to start ntop;
sudo /etc/init.d/ntop start

In my case I need to monitor ppp0 so I need to edit /var/lib/ntop/init.cfg
sudo vi /var/lib/ntop/init.cfg

and change the INTERFACES line to ppp0, then restart ntop with sudo /etc/init.d/ntop restart.