Source: https://help.ubuntu.com/community/UbuntuLTSP/OpenLDAP_NFS_SSL
This page is specific to Ubuntu version 8.04.
OpenLDAP, NFS and SSL with LTSP5
In this guide there are two server machines. The first is a server with two network cards (LTSP5). The second server holds the home directories (NFS) and provides centralized login (OpenLDAP, SSL). The installation sequence is as follows:
- Install LTSP5 on the server with the two network cards. Install Webmin with package 'libio-socket-ssl-perl'.
- On the OpenLDAP-server, install:
  - OpenLDAP service
  - SSL encryption
  - Webmin with package 'libio-socket-ssl-perl'
  - LDAP client programs
- On the LTSP5-server, install the LDAP client programs and edit all the PAM files.
The superuser (sudo-user) on both servers is local; these accounts have not been exported to the OpenLDAP-server. The LTSP5-server also has one normal local user. These IDs appear in the /etc/passwd file as shown below.
LTSP5
admin-ltsp5:x:1000:1000:Administrator LTSP5,,,:/root/admin-ltsp5:/bin/bash
user-ltsp5:x:1001:1001:User LTSP5,,,,:/root/user-ltsp5:/bin/bash
OpenLDAP
admin-openldap:x:1000:1000:Administrator OpenLDAP,,,:/root/admin-openldap:/bin/bash
All installation files are located here: http://www.arkki.info/howto/Wiki/LTSP5-openLDAP-Perusasennus/
LAN, addresses, IDs and passwords
This guide uses this kind of basic local area network.
                  Internet
                     |
      ----------- Router/Switch -----------
      |                                   |
   (eth0)                              (eth0)
 LTSP5-server                     OpenLDAP-server
      |
   (eth1)
    Switch
      |
 Thin Client

LAN IP addresses are as follows. The LTSP5-server does the NAT translation between the thin clients and the Internet.
- Router/Switch - 192.168.1.1
- LTSP5-server - 192.168.1.2 - ubuntu-ltsp5
- OpenLDAP-server - 192.168.1.3 - ubuntu-openldap
- Thin Client - 192.168.0.10 - ubuntu-10
The IDs and passwords used in this installation:
- ubuntu-ltsp5 - admin-ltsp5 - TP2009ltsp
- ubuntu-openldap - admin-openldap - TP2009ltsp
- ubuntu-10 - ltsp001 - edubuntu
The OpenLDAP-server manager and NSS-user IDs and passwords are as follows.
- cn=manager,dc=arkki,dc=info - TP2009ldap
- cn=nss,dc=arkki,dc=info - TP2009nss
The OpenLDAP-server's directory structure in this guide is as follows.

 dc=info
    |
 dc=arkki----|----------|
    |        |          |
 ou=Users  ou=Groups  cn=nss
    |        |
    |      cn=Users
    |
 cn=ltsp001, ltsp002 ...
OpenLDAP installation
Install package 'slapd' on the OpenLDAP-server. Necessary programs for processing OpenLDAP database are in the package 'ldap-utils'.
sudo apt-get install slapd ldap-utils
The OpenLDAP (slapd) installation opens a text-based setup program, but it can be safely ignored. Make a copy of the original configuration file, then either copy only the following lines into a new configuration file or remove all the original lines.
The basic mode for all the files in the /etc directory is "644". The one exception is the file 'ldap.secret', which has to be in mode "600"!
The OpenLDAP-server's manager-user's password has to be created first. The password is "TP2009ldap". The encrypted password will be placed in the slapd.conf file.
slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}0H0NPb1xLD770iuQqZYkqQ==
root@ubuntu-openldap:~#
sudo nano /etc/ldap/slapd.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
backend hdb
database hdb
suffix "dc=arkki,dc=info"
rootdn "cn=manager,dc=arkki,dc=info"
rootpw {MD5}0H0NPb1xLD770iuQqZYkqQ==
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
lastmod on
checkpoint 512 30
access to attrs=userPassword,shadowLastChange
        by dn="cn=manager,dc=arkki,dc=info" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=manager,dc=arkki,dc=info" write
        by dn="cn=nss,dc=arkki,dc=info" read
        by * auth
Add the following line to the /etc/syslog.conf file, and create the log file, too.
local4.* /var/log/ldap.log
sudo touch /var/log/ldap.log
Start the OpenLDAP server.
/etc/init.d/slapd start
Starting OpenLDAP: slapd.
Create the basic design of the OpenLDAP-server. The file is 'base.ldif'.
dn: dc=arkki,dc=info
objectclass: organization
objectclass: dcObject
o: Arkki
dc: arkki
description: Arkki - Asmo Koskinen

dn: ou=Hosts,dc=arkki,dc=info
ou: Hosts
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: arkki.info

dn: ou=People,dc=arkki,dc=info
ou: People
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: arkki.info

dn: ou=Groups,dc=arkki,dc=info
ou: Groups
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: arkki.info

dn: cn=users,ou=Groups,dc=arkki,dc=info
objectClass: posixGroup
cn: users
gidNumber: 10000
Run this file on the OpenLDAP-server. Manager-user's password is "TP2009ldap".
ldapadd -W -x -D "cn=manager,dc=arkki,dc=info" -f base.ldif
Enter LDAP Password:
adding new entry "dc=arkki,dc=info"
adding new entry "ou=Hosts,dc=arkki,dc=info"
adding new entry "ou=People,dc=arkki,dc=info"
adding new entry "ou=Groups,dc=arkki,dc=info"
adding new entry "cn=users,ou=Groups,dc=arkki,dc=info"
OpenLDAP-server's manager- and nss-users
The OpenLDAP-server has two users with different roles. The manager-user can write, read and execute the data. The NSS-user can only read. To create the nss-user, first make a new 'nss.ldif' file.
dn: cn=nss, dc=arkki,dc=info
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: nss
description: LDAP NSS user
userPassword: {MD5}iJ/UWG+ALKWLTgwEmmZj4Q==
The encrypted password is created the same way as for the manager-user. Place the encrypted password directly in the 'nss.ldif' file. The password is "TP2009nss". Then run the 'nss.ldif' file on the OpenLDAP-server.
slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}iJ/UWG+ALKWLTgwEmmZj4Q==
ldapadd -W -x -D "cn=manager,dc=arkki,dc=info" -f nss.ldif
Enter LDAP Password:
adding new entry "cn=nss, dc=arkki,dc=info"
Restart the OpenLDAP-server.
/etc/init.d/slapd restart
Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd.
The OpenLDAP-server has the Webmin software. Here are screenshots of the Webmin program with the LDAP Server module.
SSL-encryption on the OpenLDAP-server
Without SSL encryption, all the passwords cross the local network in clear text. First read this guide: https://help.ubuntu.com/community/SecuringOpenLDAPConnections
You have to use DNS (files or server) for both servers!
admin-ltsp5@ubuntu-ltsp5:~$ cat /etc/hosts
127.0.0.1 localhost
192.168.1.2 ubuntu-ltsp5
192.168.1.3 ubuntu-openldap
192.168.0.10 ubuntu-10
The most important thing is to put the OpenLDAP-server's DNS name, in this guide "ubuntu-openldap", in the "Common Name" line. This name must be in the 'hosts' files of all the client machines if you do not have a DNS server somewhere on the LAN. The SSL certificate is an RSA key with a length of 1024 bits, valid for 10 years. The certificate is named after the server itself.
sudo openssl req -newkey rsa:1024 -x509 -nodes -out ubuntu-openldap.pem -keyout ubuntu-openldap.pem -days 3650
Generating a 1024 bit RSA private key
[--]
writing new private key to 'ubuntu-openldap.pem'
[--]
Common Name (eg, YOUR name) []:ubuntu-openldap
The SSL certificate information and its location have to be added to the 'slapd.conf' file. In this guide a new directory has been created: '/etc/ldap/ssl'. The new 'ubuntu-openldap.pem' file is placed in this new directory. Add these lines to the '/etc/ldap/slapd.conf' file.
TLSCACertificateFile /etc/ldap/ssl/ubuntu-openldap.pem
TLSCertificateFile /etc/ldap/ssl/ubuntu-openldap.pem
TLSCertificateKeyFile /etc/ldap/ssl/ubuntu-openldap.pem
Edit the '/etc/default/slapd' file. Add the new row SLAPD_SERVICES="ldap:/// ldaps:///", but do not change anything else.
SLAPD_CONF=
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLAPD_SERVICES="ldap:/// ldaps:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=""
Test the new certificate on the OpenLDAP-server.
openssl s_client -connect ubuntu-openldap:636 -showcerts
[--]
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=ubuntu-openldap
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=ubuntu-openldap
---
No client certificate CA names sent
---
SSL handshake has read 1095 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
[--]
LDAP client programs on the OpenLDAP-server
To use Webmin, the OpenLDAP-server needs the LDAP client programs.
The OpenLDAP-server does not itself use the OpenLDAP services, so do not edit the 'PAM' files on the OpenLDAP-server. Do use SSL encryption on the OpenLDAP-server, however. Remember that the mode of 'ldap.secret' should be "600". Only the root user is allowed to read it!
Install the LDAP client programs.
sudo apt-get install ldap-auth-client libpam-ldap libnss-ldap
Make the following changes to the configuration files. Copy and save the original files.
/etc/ldap/ldap.conf
BASE dc=arkki,dc=info
uri ldaps://ubuntu-openldap
TLS_REQCERT allow
/etc/ldap.conf
base dc=arkki,dc=info
uri ldaps://ubuntu-openldap
TLS_REQCERT allow
ldap_version 3
binddn cn=nss,dc=arkki,dc=info
bindpw TP2009nss
rootbinddn cn=manager,dc=arkki,dc=info
pam_password md5
nss_base_passwd ou=People,dc=arkki,dc=info?one
nss_base_shadow ou=People,dc=arkki,dc=info?one
# The group container is ou=Groups, as created in base.ldif
nss_base_group ou=Groups,dc=arkki,dc=info?one
nss_initgroups_ignoreusers backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,openldap,proxy,root,sshd,statd,sync,sys,syslog,uucp,www-data
/etc/ldap.secret
TP2009ldap
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Create new users on the OpenLDAP-server
In this guide 30 new users were created on the OpenLDAP-server. Create the 'users.txt' file and use it with Webmin.
create:ltsp001:edubuntu:10001:10000:LTSP 001:/home/ltsp001:/bin/bash:::::
create:ltsp002:edubuntu:10002:10000:LTSP 002:/home/ltsp002:/bin/bash:::::
create:ltsp003:edubuntu:10003:10000:LTSP 003:/home/ltsp003:/bin/bash:::::
create:ltsp004:edubuntu:10004:10000:LTSP 004:/home/ltsp004:/bin/bash:::::
create:ltsp005:edubuntu:10005:10000:LTSP 005:/home/ltsp005:/bin/bash:::::
create:ltsp006:edubuntu:10006:10000:LTSP 006:/home/ltsp006:/bin/bash:::::
create:ltsp007:edubuntu:10007:10000:LTSP 007:/home/ltsp007:/bin/bash:::::
create:ltsp008:edubuntu:10008:10000:LTSP 008:/home/ltsp008:/bin/bash:::::
create:ltsp009:edubuntu:10009:10000:LTSP 009:/home/ltsp009:/bin/bash:::::
create:ltsp010:edubuntu:10010:10000:LTSP 010:/home/ltsp010:/bin/bash:::::
create:ltsp011:edubuntu:10011:10000:LTSP 011:/home/ltsp011:/bin/bash:::::
create:ltsp012:edubuntu:10012:10000:LTSP 012:/home/ltsp012:/bin/bash:::::
create:ltsp013:edubuntu:10013:10000:LTSP 013:/home/ltsp013:/bin/bash:::::
create:ltsp014:edubuntu:10014:10000:LTSP 014:/home/ltsp014:/bin/bash:::::
create:ltsp015:edubuntu:10015:10000:LTSP 015:/home/ltsp015:/bin/bash:::::
create:ltsp016:edubuntu:10016:10000:LTSP 016:/home/ltsp016:/bin/bash:::::
create:ltsp017:edubuntu:10017:10000:LTSP 017:/home/ltsp017:/bin/bash:::::
create:ltsp018:edubuntu:10018:10000:LTSP 018:/home/ltsp018:/bin/bash:::::
create:ltsp019:edubuntu:10019:10000:LTSP 019:/home/ltsp019:/bin/bash:::::
create:ltsp020:edubuntu:10020:10000:LTSP 020:/home/ltsp020:/bin/bash:::::
create:ltsp021:edubuntu:10021:10000:LTSP 021:/home/ltsp021:/bin/bash:::::
create:ltsp022:edubuntu:10022:10000:LTSP 022:/home/ltsp022:/bin/bash:::::
create:ltsp023:edubuntu:10023:10000:LTSP 023:/home/ltsp023:/bin/bash:::::
create:ltsp024:edubuntu:10024:10000:LTSP 024:/home/ltsp024:/bin/bash:::::
create:ltsp025:edubuntu:10025:10000:LTSP 025:/home/ltsp025:/bin/bash:::::
create:ltsp026:edubuntu:10026:10000:LTSP 026:/home/ltsp026:/bin/bash:::::
create:ltsp027:edubuntu:10027:10000:LTSP 027:/home/ltsp027:/bin/bash:::::
create:ltsp028:edubuntu:10028:10000:LTSP 028:/home/ltsp028:/bin/bash:::::
create:ltsp029:edubuntu:10029:10000:LTSP 029:/home/ltsp029:/bin/bash:::::
create:ltsp030:edubuntu:10030:10000:LTSP 029:/home/ltsp030:/bin/bash:::::
Here are screenshots of Webmin's modules (LDAP Client and LDAP Users and Groups) on the OpenLDAP-server.
Home directories for the thin clients are exported from the OpenLDAP-server with the NFS-service. Install on the OpenLDAP-server the 'nfs-kernel-server' package.
sudo apt-get install nfs-kernel-server
Add a line to the /etc/exports file.
/home 192.168.1.0/255.255.255.0(rw,no_root_squash,async,no_subtree_check)
Restart nfs-kernel-server.
sudo /etc/init.d/nfs-kernel-server restart
 * Stopping NFS kernel daemon [ OK ]
 * Unexporting directories for NFS kernel daemon... [ OK ]
 * Exporting directories for NFS kernel daemon... [ OK ]
 * Starting NFS kernel daemon [ OK ]
LDAP client programs on the LTSP5-server
Install the LDAP client programs in the same manner as on the OpenLDAP-server. When you are sure that you can reach and browse the OpenLDAP-server over an SSL connection, you are ready to edit the 'PAM' files. Below are screenshots of Webmin on the LTSP5-server.
Remember that the mode of ldap.secret should be "600". Only the root user is allowed to read it!
Install the LDAP client programs.
sudo apt-get install ldap-auth-client libpam-ldap libnss-ldap libpam-modules libpam-cracklib libpam-ccreds libpam-mount
Back up ldap.conf.
cp /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig
Then make the following changes to the configuration files.
/etc/ldap/ldap.conf
BASE dc=arkki,dc=info
uri ldaps://ubuntu-openldap
TLS_REQCERT allow
/etc/ldap.conf
base dc=arkki,dc=info
uri ldaps://ubuntu-openldap
TLS_REQCERT allow
ldap_version 3
binddn cn=nss,dc=arkki,dc=info
bindpw TP2009nss
rootbinddn cn=manager,dc=arkki,dc=info
pam_password md5
nss_base_passwd ou=People,dc=arkki,dc=info?one
nss_base_shadow ou=People,dc=arkki,dc=info?one
# The group container is ou=Groups, as created in base.ldif
nss_base_group ou=Groups,dc=arkki,dc=info?one
nss_initgroups_ignoreusers backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,openldap,proxy,root,sshd,statd,sync,sys,syslog,uucp,www-data
/etc/ldap.secret
TP2009ldap
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Test LDAP client programs on the LTSP5-server
First test the SSL connection this way.
admin-ltsp5@ubuntu-ltsp5:~$ openssl s_client -connect ubuntu-openldap:636 -showcerts
CONNECTED(00000003)
depth=0 [--]CN=ubuntu-openldap[--]
verify error:num=18:self signed certificate
verify return:1
Then check the 'passwd' database. The local users should appear in addition to the OpenLDAP users.
admin-ltsp5@ubuntu-ltsp5:~$ getent passwd
root:x:0:0:root:/root:/bin/bash
[--]
admin-ltsp5:x:1000:1000:Administrator LTSP5,,,:/root/admin-ltsp5:/bin/bash
user-ltsp5:x:1001:1001:User LTSP5,,,,:/root/user-ltsp5:/bin/bash
[--]
ltsp001:x:10001:10000:LTSP 001:/home/ltsp001:/bin/bash
ltsp002:x:10002:10000:LTSP 002:/home/ltsp002:/bin/bash
[--]
ltsp029:x:10029:10000:LTSP 029:/home/ltsp029:/bin/bash
ltsp030:x:10030:10000:LTSP 029:/home/ltsp030:/bin/bash
admin-ltsp5@ubuntu-ltsp5:~$
Then you can test the nss-user.
admin-ltsp5@ubuntu-ltsp5:~$ ldapsearch -x -D "cn=nss,dc=arkki,dc=info" -W -u "cn=LTSP 001"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=arkki,dc=info> (default) with scope subtree
# filter: cn=LTSP 001
# requesting: ALL
#

# ltsp001, People, arkki.info
dn: uid=ltsp001,ou=People,dc=arkki,dc=info
ufn: ltsp001, People, arkki.info
cn: LTSP 001
uid: ltsp001
uidNumber: 10001
loginShell: /bin/bash
homeDirectory: /home/ltsp001
gidNumber: 10000
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: person
sn: LTSP 001

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
admin-ltsp5@ubuntu-ltsp5:~$
Only the manager-user can see the encrypted password.
admin-ltsp5@ubuntu-ltsp5:~$ ldapsearch -x -D "cn=manager,dc=arkki,dc=info" -W -u "cn=LTSP 001"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=arkki,dc=info> (default) with scope subtree
# filter: cn=LTSP 001
# requesting: ALL
#

# ltsp001, People, arkki.info
dn: uid=ltsp001,ou=People,dc=arkki,dc=info
ufn: ltsp001, People, arkki.info
cn: LTSP 001
uid: ltsp001
uidNumber: 10001
loginShell: /bin/bash
homeDirectory: /home/ltsp001
gidNumber: 10000
userPassword:: e2NyeXB0fVJRSVVuM0VYQ3plWHc=
shadowLastChange: 14285
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: person
sn: LTSP 001

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
admin-ltsp5@ubuntu-ltsp5:~$
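The "verify error:num=18" line in the SSL test above is the condition that 'TLS_REQCERT allow' tells the clients to ignore. The following audit script is an added example, not part of the original guide: it checks the files this guide edits for that setting, for the 'ldap.secret' and '.pem' file modes, for the unsalted rootpw scheme and for 'no_root_squash'. The ROOT prefix, the function names and the cert-only file name 'ubuntu-openldap-cert.pem' are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original guide. ROOT is a hypothetical
# prefix so a copy of /etc can be audited; pass "" to check the live system.

finding() { printf 'WEAK %s: %s\n' "$1" "$2"; }

# Group+other permission characters; "------" means owner-only (600 or 400).
go_perms() { ls -ld "$1" | cut -c5-10; }

audit_ldap_setup() {
    root=${1:-}
    report=$(
        # Client TLS policy: 'never' and 'allow' continue with a bad certificate.
        for f in "$root/etc/ldap/ldap.conf" "$root/etc/ldap.conf"; do
            [ -f "$f" ] || continue
            val=$(awk 'tolower($1) == "tls_reqcert" { v = tolower($2) } END { print v }' "$f")
            case $val in
                never|allow)
                    finding "$f" "TLS_REQCERT $val accepts an unverified server certificate" ;;
            esac
        done

        # The manager password file must be owner-only, as the guide says.
        f="$root/etc/ldap.secret"
        if [ -f "$f" ] && [ "$(go_perms "$f")" != "------" ]; then
            finding "$f" "readable beyond its owner, expected mode 600"
        fi

        # The guide's single .pem holds the private key as well as the certificate.
        for f in "$root"/etc/ldap/ssl/*.pem; do
            [ -f "$f" ] || continue
            if grep -q 'PRIVATE KEY' "$f" && [ "$(go_perms "$f" | cut -c4-6)" != "---" ]; then
                finding "$f" "private key is accessible to other users"
            fi
        done

        # {MD5} and {SHA} are unsalted; slappasswd's default {SSHA} is salted.
        f="$root/etc/ldap/slapd.conf"
        if [ -f "$f" ]; then
            case $(awk '$1 == "rootpw" { print $2 }' "$f") in
                '{MD5}'*|'{SHA}'*)
                    finding "$f" "rootpw uses an unsalted hash scheme" ;;
            esac
        fi

        # no_root_squash: uid 0 on an NFS client stays uid 0 on the export.
        f="$root/etc/exports"
        if [ -f "$f" ] && grep -v '^[[:space:]]*#' "$f" | grep -q 'no_root_squash'; then
            finding "$f" "export uses no_root_squash"
        fi
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Constructed sample tree using the values shown in this guide.
make_sample() {
    mkdir -p "$1/etc/ldap/ssl"
    printf 'BASE dc=arkki,dc=info\nuri ldaps://ubuntu-openldap\nTLS_REQCERT allow\n' \
        > "$1/etc/ldap/ldap.conf"
    cp "$1/etc/ldap/ldap.conf" "$1/etc/ldap.conf"
    printf 'rootpw {MD5}0H0NPb1xLD770iuQqZYkqQ==\n' > "$1/etc/ldap/slapd.conf"
    printf '/home 192.168.1.0/255.255.255.0(rw,no_root_squash,async,no_subtree_check)\n' \
        > "$1/etc/exports"
    printf 'placeholder\n' > "$1/etc/ldap.secret"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed placeholder)' \
        > "$1/etc/ldap/ssl/ubuntu-openldap.pem"
    chmod 644 "$1/etc/ldap/ssl/ubuntu-openldap.pem"
    chmod 600 "$1/etc/ldap.secret"
}

# Corrected client settings: require a verifiable certificate, checked against
# a CA file that holds only the certificate (hypothetical file name).
harden_sample() {
    for f in "$1/etc/ldap/ldap.conf" "$1/etc/ldap.conf"; do
        sed 's/^TLS_REQCERT .*/TLS_REQCERT demand/' "$f" > "$f.new" && mv "$f.new" "$f"
    done
    printf 'TLS_CACERT /etc/ldap/ssl/ubuntu-openldap-cert.pem\n' >> "$1/etc/ldap/ldap.conf"
    chmod 640 "$1/etc/ldap/ssl/ubuntu-openldap.pem"
}

# Run "sh thisfile demo" to audit the constructed sample tree.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d); make_sample "$d"; audit_ldap_setup "$d"; rm -rf "$d"
fi
```

Call audit_ldap_setup "" on either server to check the live files; the function exits with status 1 when it prints any finding.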
Edit 'PAM' files on the LTSP5-server
When you are sure that you can connect from the LTSP5-server to the OpenLDAP-server over SSL encryption, you are ready to edit the 'PAM' files.
Touching the '/etc/pam.d/*' files in the system is an extremely critical process. Copy and save your 'PAM' files. If no login is possible, the LTSP5-server must be started in single-user mode, and the original 'PAM' files copied back on the command line.
When editing, you should open one or more consoles (Ctrl-Alt-F1) without X and log in as root (sudo -s). If X/GDM is not responding, you can continue on the console.
Wholly new files are '/etc/pam.d/common-pammount' and '/etc/security/pam_mount.conf.xml'. Delete or comment out (#) the original lines or create entirely new files. These are the edited 'PAM' files.
/etc/pam.d/common-password - password-related modules common to all services
password required pam_mount.so use_authtok shadow md5
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so use_authtok md5
password required pam_deny.so
/etc/pam.d/common-auth - authentication settings common to all services
auth required pam_mount.so
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth sufficient pam_ldap.so try_first_pass
auth required pam_deny.so
/etc/pam.d/common-account - authorization settings common to all services
account sufficient pam_unix.so
account sufficient pam_ldap.so
/etc/pam.d/common-session - session-related modules common to all services
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_ldap.so
session required pam_limits.so
session required pam_unix.so
session optional pam_mount.so shadow md5 use_authtok
session optional pam_ldap.so
/etc/pam.d/common-pammount
auth optional pam_mount.so try_first_pass
session optional pam_mount.so try_first_pass
/etc/security/pam_mount.conf.xml
Add this line.
<volume fstype="nfs" server="192.168.1.3" path="/home/%(USER)" mountpoint="~"/>
Thin client and '*.log' files
This guide used the following 'lts.conf' file. The thin client is an Asus Eee 701 4G.
[00:22:15:15:4B:4C]
X_CONF=/etc/X11/asus-eee-xorg.conf
X_COLOR_DEPTH=16
LDM_DIRECTX=True
LDM_AUTOLOGIN=True
LDM_USERNAME=ltsp001
LDM_PASSWORD=edubuntu
Here are some lines from the 'log' files.
LTSP5-server
Feb 16 12:44:00 ubuntu-ltsp5 dhcpd: DHCPOFFER on 192.168.0.10 to 00:22:15:15:4b:4c via eth1
Feb 16 12:44:00 ubuntu-ltsp5 dhcpd: DHCPREQUEST for 192.168.0.10 (192.168.0.254) from 00:22:15:15:4b:4c via eth1
Feb 16 12:44:00 ubuntu-ltsp5 dhcpd: DHCPACK on 192.168.0.10 to 00:22:15:15:4b:4c via eth1
Feb 16 12:44:01 ubuntu-ltsp5 dhcpd: DHCPREQUEST for 192.168.0.10 (192.168.0.254) from 00:22:15:15:4b:4c via eth1
Feb 16 12:44:01 ubuntu-ltsp5 dhcpd: DHCPACK on 192.168.0.10 to 00:22:15:15:4b:4c via eth1
Feb 16 12:44:01 ubuntu-ltsp5 nbdrootd[6352]: connect from 192.168.0.10 (192.168.0.10)
Feb 16 12:44:01 ubuntu-ltsp5 nbd_server[6353]: connect from 192.168.0.10, assigned file is /opt/ltsp/images/i386.img
Feb 16 12:44:01 ubuntu-ltsp5 nbd_server[6353]: Size of exported file/device is 198713344
Feb 16 12:44:24 ubuntu-ltsp5 sshd[6363]: Accepted password for ltsp001 from 192.168.0.10 port 59870 ssh2
Feb 16 12:44:24 ubuntu-ltsp5 sshd[6365]: pam_unix(sshd:session): session opened for user ltsp001 by (uid=0)
Feb 16 12:44:24 ubuntu-ltsp5 sshd[6365]: pam_mount(mount.c:182) realpath of volume "/home/ltsp001" is "/home/ltsp001"
OpenLDAP-server
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 fd=21 ACCEPT from IP=192.168.1.2:44913 (IP=0.0.0.0:636)
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 fd=21 TLS established tls_ssf=256 ssf=256
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=0 BIND dn="cn=nss,dc=arkki,dc=info" method=128
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=0 BIND dn="cn=nss,dc=arkki,dc=info" mech=SIMPLE ssf=0
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=0 RESULT tag=97 err=0 text=
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=1 SRCH base="ou=People,dc=arkki,dc=info" scope=1 deref=0 filter="(objectClass=posixAccount)"
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=30 text=