特殊:Badtitle/NS100:OSXLDAPClientAuthentication:修订间差异
小 新页面: {{From|https://help.ubuntu.com/community/OSXLDAPClientAuthentication}} {{Languages|UbuntuHelp:OSXLDAPClientAuthentication}} Purpose - make an Ubuntu install authenticate against a Leopard... |
小无编辑摘要 |
||
第2行: | 第2行: | ||
{{Languages|UbuntuHelp:OSXLDAPClientAuthentication}} | {{Languages|UbuntuHelp:OSXLDAPClientAuthentication}} | ||
Purpose - make an Ubuntu install authenticate against a Leopard Server with an Open Directory Master running on it. | Purpose - make an Ubuntu install authenticate against a Leopard Server with an Open Directory Master running on it. | ||
Details taken from [ "LDAPClientAuthentication" ]. Here's a quick how-to on how to get authenticating (partially) successfully against a Leopard Server. | Details taken from [ "LDAPClientAuthentication" ]. Here's a quick how-to on how to get authenticating (partially) successfully against a Leopard and Tiger Server. | ||
* apt-get install libpam-ldap libnss-ldap nss-updatedb | * apt-get install libpam-ldap libnss-ldap nss-updatedb | ||
To complete this recipe you will need: | To complete this recipe you will need: | ||
第13行: | 第13行: | ||
* base cn=users,"SearchBase" | * base cn=users,"SearchBase" | ||
** i.e. base cn=users,dc=blah,dc=blah,dc=blah | ** i.e. base cn=users,dc=blah,dc=blah,dc=blah | ||
New for 8.04 it seems we need to also ignore the "root" user in the Open Directory. So add to your /etc/ldap.conf | |||
* pam_filter !(uid=root) | |||
Thanks for figuring this out, Bart. | |||
Then edit /etc/nsswitch.conf and change the passwd, group, and shadow lines to resemble: | Then edit /etc/nsswitch.conf and change the passwd, group, and shadow lines to resemble: | ||
* passwd: files ldap | * passwd: files ldap | ||
* group: files ldap | * group: files ldap | ||
* shadow: files ldap | * shadow: files ldap | ||
Have /etc/pam.d/common-account read | |||
* auth sufficient pam_ldap.so | * account sufficient pam_ldap.so | ||
* account required pam_unix.so | |||
Have /etc/pam.d/common-auth read | |||
* auth sufficient pam_ldap.so | |||
* auth required pam_unix.so nullok_secure try_first_pass | |||
Have /etc/pam.d/common-passwd read | |||
* password sufficient pam_ldap.so md5 | |||
* password required pam_unix.so nullok obscure md5 | |||
* password optional pam_smbpass.so nullok use_authtok try_first_pass missingok | |||
Finally, have /etc/pam.d/common-session read | |||
* session sufficient pam_ldap.so | |||
* session required pam_unix.so | |||
You should be good to go. Test with a command like: | You should be good to go. Test with a command like: | ||
getent passwd | getent passwd |
2008年10月19日 (日) 16:44的版本
文章出处: |
{{#if: | {{{2}}} | https://help.ubuntu.com/community/OSXLDAPClientAuthentication }} |
点击翻译: |
English {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/af | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|Afrikaans| [[::OSXLDAPClientAuthentication/af|Afrikaans]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/ar | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|العربية| [[::OSXLDAPClientAuthentication/ar|العربية]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/az | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|azərbaycanca| [[::OSXLDAPClientAuthentication/az|azərbaycanca]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/bcc | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|جهلسری بلوچی| [[::OSXLDAPClientAuthentication/bcc|جهلسری بلوچی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/bg | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|български| [[::OSXLDAPClientAuthentication/bg|български]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/br | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|brezhoneg| [[::OSXLDAPClientAuthentication/br|brezhoneg]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/ca | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|català| [[::OSXLDAPClientAuthentication/ca|català]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/cs | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|čeština| [[::OSXLDAPClientAuthentication/cs|čeština]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/de | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|Deutsch| [[::OSXLDAPClientAuthentication/de|Deutsch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/el | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|Ελληνικά| [[::OSXLDAPClientAuthentication/el|Ελληνικά]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/es | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|español| [[::OSXLDAPClientAuthentication/es|español]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/fa | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|فارسی| [[::OSXLDAPClientAuthentication/fa|فارسی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/fi | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|suomi| [[::OSXLDAPClientAuthentication/fi|suomi]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/fr | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|français| [[::OSXLDAPClientAuthentication/fr|français]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/gu | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|ગુજરાતી| [[::OSXLDAPClientAuthentication/gu|ગુજરાતી]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/he | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|עברית| [[::OSXLDAPClientAuthentication/he|עברית]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/hu | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|magyar| [[::OSXLDAPClientAuthentication/hu|magyar]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/id | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|Bahasa Indonesia| [[::OSXLDAPClientAuthentication/id|Bahasa Indonesia]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/it | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|italiano| [[::OSXLDAPClientAuthentication/it|italiano]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/ja | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|日本語| [[::OSXLDAPClientAuthentication/ja|日本語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/ko | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|한국어| [[::OSXLDAPClientAuthentication/ko|한국어]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/ksh | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|Ripoarisch| [[::OSXLDAPClientAuthentication/ksh|Ripoarisch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/mr | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|मराठी| [[::OSXLDAPClientAuthentication/mr|मराठी]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/ms | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|Bahasa Melayu| [[::OSXLDAPClientAuthentication/ms|Bahasa Melayu]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/nl | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|Nederlands| [[::OSXLDAPClientAuthentication/nl|Nederlands]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/no | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|norsk| [[::OSXLDAPClientAuthentication/no|norsk]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/oc | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|occitan| [[::OSXLDAPClientAuthentication/oc|occitan]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/pl | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|polski| [[::OSXLDAPClientAuthentication/pl|polski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/pt | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|português| [[::OSXLDAPClientAuthentication/pt|português]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/ro | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|română| [[::OSXLDAPClientAuthentication/ro|română]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/ru | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|русский| [[::OSXLDAPClientAuthentication/ru|русский]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/si | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|සිංහල| [[::OSXLDAPClientAuthentication/si|සිංහල]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/sq | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|shqip| [[::OSXLDAPClientAuthentication/sq|shqip]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/sr | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|српски / srpski| [[::OSXLDAPClientAuthentication/sr|српски / srpski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/sv | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|svenska| [[::OSXLDAPClientAuthentication/sv|svenska]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/th | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|ไทย| [[::OSXLDAPClientAuthentication/th|ไทย]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/tr | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|Türkçe| [[::OSXLDAPClientAuthentication/tr|Türkçe]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/vi | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|Tiếng Việt| [[::OSXLDAPClientAuthentication/vi|Tiếng Việt]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/yue | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|粵語| [[::OSXLDAPClientAuthentication/yue|粵語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/zh | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|中文| [[::OSXLDAPClientAuthentication/zh|中文]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/zh-hans | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|中文(简体)| [[::OSXLDAPClientAuthentication/zh-hans|中文(简体)]]}}|}} {{#ifexist: {{#if: UbuntuHelp:OSXLDAPClientAuthentication | UbuntuHelp:OSXLDAPClientAuthentication | {{#if: | :}}OSXLDAPClientAuthentication}}/zh-hant | • {{#if: UbuntuHelp:OSXLDAPClientAuthentication|中文(繁體)| [[::OSXLDAPClientAuthentication/zh-hant|中文(繁體)]]}}|}} |
{{#ifeq:UbuntuHelp:OSXLDAPClientAuthentication|:OSXLDAPClientAuthentication|请不要直接编辑翻译本页,本页将定期与来源同步。}} |
{{#ifexist: :OSXLDAPClientAuthentication/zh | | {{#ifexist: OSXLDAPClientAuthentication/zh | | {{#ifeq: {{#titleparts:OSXLDAPClientAuthentication|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:OSXLDAPClientAuthentication|1|-1|}} | zh | | }}
Purpose - make an Ubuntu install authenticate against a Leopard Server with an Open Directory Master running on it. Details taken from [ "LDAPClientAuthentication" ]. Here's a quick how-to on how to get authenticating (partially) successfully against a Leopard and Tiger Server.
- apt-get install libpam-ldap libnss-ldap nss-updatedb
To complete this recipe you will need:
- host "ip for your server"
- Open Directory Search Base - from Server Admin, Open Directory Overview
- LDAP Search Base: dc=blah,dc=blah,dc=blah
- call this "SearchBase"
I ended up just editing the /etc/ldap.conf file manually. The only lines I need to change were:
- host "IP ADDRESS"
- base cn=users,"SearchBase"
- i.e. base cn=users,dc=blah,dc=blah,dc=blah
New for 8.04 it seems we need to also ignore the "root" user in the Open Directory. So add to your /etc/ldap.conf
- pam_filter !(uid=root)
Thanks for figuring this out, Bart. Then edit /etc/nsswitch.conf and change the passwd, group, and shadow lines to resemble:
- passwd: files ldap
- group: files ldap
- shadow: files ldap
Have /etc/pam.d/common-account read
- account sufficient pam_ldap.so
- account required pam_unix.so
Have /etc/pam.d/common-auth read
- auth sufficient pam_ldap.so
- auth required pam_unix.so nullok_secure try_first_pass
Have /etc/pam.d/common-passwd read
- password sufficient pam_ldap.so md5
- password required pam_unix.so nullok obscure md5
- password optional pam_smbpass.so nullok use_authtok try_first_pass missingok
Finally, have /etc/pam.d/common-session read
- session sufficient pam_ldap.so
- session required pam_unix.so
You should be good to go. Test with a command like: getent passwd You should see your local accounts followed by your Open Directory accounts. Now you can try to "su" to one of the OD users. Finally try to ssh in as one of the OD users.