PLATFORMS TESTED: Ubuntu 10.04 LTS (Lucid), Ubuntu 11.04 LTS (Natty)
* A vanilla Ubuntu 10.04 (or later) desktop or server install.
* You have shared your user home directories from an NFS server
* You have successfully installed a working LDAP server
* domain name: tuxnetworks.com
* Servername/IP: ldap.tuxnetworks.com 10.1.1.5
* The user "brettg" is a valid LDAP user on your server.
We are going to set up a Lucid client connected to an LDAP server. We should already have our home directories mounted via NFS.
~$ sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils
You will again be asked a bunch of questions;
LDAP server Uniform Resource Identifier: ldap://ldap.tuxnetworks.com
Distinguished name of the search base: dc=tuxnetworks,dc=com
Make local root Database admin: Yes
Does the LDAP database require login? No
LDAP account for root: cn=admin,dc=tuxnetworks,dc=com
LDAP root password: (The server LDAP root password)
Now we need to edit the following files;
~$ sudo vi /etc/ldap.conf
and edit these lines to look like this;
Find the line that begins with
uri ldapi:// . . .
Comment the line out and replace it with a line like so;
Edit this file;
~$ sudo vi /etc/ldap/ldap.conf
Edit it to look like this;
~$ sudo vi /etc/nsswitch.conf
Enter the following lines;
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
protocols: db files
services: db files
ethers: db files
rpc: db files
Now update nss to use ldap.
~$ sudo nss_updatedb ldap
If you get an error . . .
Failed to enumerate nameservice: No such file or directory
. . . then check that your uri line in /etc/ldap.conf is correct and the address is pingable.
You should now be able to check the server with;
~$ ldapsearch -x
That command should output a tonne of stuff from the server LDAP directory.
You should now be able to log in to the client via ssh using the credentials of the LDAP user "brettg";
brettg@jupiter:~$ ssh brettg@galileo
Welcome to Ubuntu 11.04 (GNU/Linux 2.6.38-8-generic x86_64)
* Documentation: https://help.ubuntu.com/
Last login: Fri Jun 24 14:13:05 2011 from 10.1.1.80
Take a look at your passwd file to make double sure you are not logging in using local auth;
grep brettg /etc/passwd
If that returns a line then you are probably logged in using a local user. Remove that line from /etc/passwd and try again.
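A small shell check, added here and not part of the original post, that automates the two verifications just described: nsswitch.conf lists ldap for the account databases, and the user resolves through NSS without having an entry in the local passwd file. The file paths are parameters (defaulting to the real /etc files) so it can also be run against copies.

```shell
#!/bin/sh
# Added example (not from the original post). Verifies that an account is
# really coming from LDAP via NSS rather than from a leftover local entry.

# Return 0 if passwd, group and shadow in nsswitch.conf all list "ldap".
nss_has_ldap() {
    conf="${1:-/etc/nsswitch.conf}"
    for db in passwd group shadow; do
        grep -Eq "^${db}:[[:space:]].*[[:space:]]ldap([[:space:]]|$)" "$conf" || return 1
    done
    return 0
}

# Return 0 if the user has an entry in the local passwd file.
is_local_user() {
    grep -q "^${1}:" "${2:-/etc/passwd}"
}

# Return 0 only if the user resolves through NSS (getent) but is NOT local,
# i.e. the login came from LDAP and not from a duplicate local account.
ldap_only_user() {
    user="$1"; passwd_file="${2:-/etc/passwd}"
    if is_local_user "$user" "$passwd_file"; then
        echo "$user is defined locally in $passwd_file; remove that line" >&2
        return 1
    fi
    if ! getent passwd "$user" >/dev/null 2>&1; then
        echo "$user cannot be resolved at all; check /etc/ldap.conf and nss_updatedb" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: "sh check.sh --run" checks the tutorial's user brettg
# against the live system files.
if [ "${1:-}" = "--run" ]; then
    nss_has_ldap && ldap_only_user brettg && echo "brettg is an LDAP-only user"
fi
```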
For Gnome Desktop users.
To assign users to the correct groups at login, create a new file called group.conf and place the following line in it;
We also need to tell pam to use the group.conf settings;
Add this line;
auth optional pam_group.so
Reboot your PC and you should be able to login to gnome using ldap!